February 10, 2020
You’re a cyber security engineer and want to find an exciting career opportunity in this arena.
But several obstacles are preventing you from making this happen. For example, you may get offered a big salary, say $200,000 per year. The fact that someone is willing to pay you that much strokes your ego.
Yet you take that job and find out the work itself doesn’t appeal to you. Or the corporate culture doesn’t align with your values.
You saw the big dollar signs and took the position but now you realize you made a big mistake. You now have to start over finding another job or stay in a place where you are not happy.
You lack skills in a key area
Or here’s another problem you might have. You know a lot about cyber security but the position you’re applying for requires that you also understand and have skills using machine learning, for example – a hot new trend. You haven’t had time to learn about it because your current job eats up 80-100 hours a week of your time.
With this technology industry changing so fast, and the demands of your current job so all-encompassing, you haven’t had time to keep get your head around what machine learning is all about or how to get caught up in your free time.
You don’t know what certifications to get
Or you have a related problem. You need web application security knowledge to land a dream job, but you don’t know what certification to get that employers will want before hiring you.
Some employers want you to take one type of certification course and another specifies that you pass another course. Which one do you take? And which job do you want more? It’s all complicated and uncertain, a crapshoot.
You believe employers will come after you
Or you may have more fundamental obstacles to overcome. You believe you can send out your resume and employers will come chasing you because there’s a shortage of cyber security professionals. You’re a hot commodity. They’ll come chasing you.
All you have to do is make them aware you’re looking around. But you find out that’s not nearly enough effort and unrealistic. You have to do much more. Even when demand for your skills is intense.
You have LinkedIn fatigue
Or you find that every day you get at least five messages on LinkedIn from employers wanting to know if you’re interested in a new cyber security position. But the notices are poorly targeted for positions far below your experience level.
Worn out by “LinkedIn fatigue,” you stop going to that page in your job hunt because so much of the information wastes your time. But that’s where so many opportunities for you await. It’s a conundrum.
How to overcome these obstacles
There are several actions you take to overcome these hurdles. One of the most important is to stay current and keep your skills relevant and fine-tuned in the cyber security market.
You must be current
Your knowledge has to be up-to-speed with what’s going on right now and where the market is headed. Three-year-old information and skills won’t cut it in the ultra-high-speed cyber security arena. One-year-old information doesn’t amount to much either. It’s all about now and what you know and what value you can offer today and tomorrow.
Next, focus on improving your written and verbal communications skills. Yes, technical knowledge remains important, but plenty of strong competitors have that.
You will separate yourself from competitors if you show you can handle the technical aspects of the work and communicate well. This would mean, for instance, simply and clearly explaining to upper management why the cyber security projects you and your team are working on are important to the financial growth of the business.
Want to enchant employers? Be authentic. Employers can tell when someone is faking who they are or what they can do. Be candid with employers about what you can and cannot do, what your passions are, why you want to work specifically for them, why you believe cyber security is important, and show them you understand the cyber security problems they need solved.
Obstacles from Employer’s Perspective
Employers struggle to find and hire cyber security professionals. They often don’t understand well what cyber security is, why their company needs it, and how it can help their businesses grow or prevent losses. They have a general sense that they need to have better cyber security so they seek to hire people who do know about it.
But these employers often cannot communicate who they want to hire because they don’t know what they want the cyber security person to do.
Be more flexible with job requirements
Another problem: Written job descriptions for cyber security jobs are too lofty, demanding, and stringent. If a candidate meets six of the eight requirements, for example, but the corporate policy stipulates that they need to meet all of them, the application won’t move any further in the process.
Companies often miss on what could have been a great hire. Inflexible hiring practices blocked the process. This is a huge problem.
Shorten the job hunt process
The problems don’t end there. Companies often take far too long to hire anyone. The process tends to be overly laborious – even when searching for employees in a high-demand market such as cyber security.
Positions can stay open for nine months and often longer. Corporate recruiters often are asked to fill 50 or more jobs at once. Even when hundreds of people apply to one position, few people have time to review them, or at least not for several months.
Cybersecurity affects finances
Companies also wrestle with cyber security hiring because cyber security does not generate revenue. It’s an expense. Naturally, the company wants to keep the revenue-generating engine humming. They are therefore more inclined to hire salespeople and others who can affect the bottom line.
The flaw in this logic, of course, is that if the company’s cyber security stays weak, fraudsters are more likely to steal millions of dollars and valuable information from the company. But until that happens, companies de-prioritize cyber security hiring in favor of people who bring in the cash.
Overreliance on certifications
Cybersecurity professionals rely too much on certifications and are not familiar enough with the certification programs to assess whether they show that an applicant is competent in a discipline just because they gained the certification. Some certifications are easy to get and don’t require much skill.
Too often companies place too much value on one applicant who has a certification when another applicant who does not is better qualified for the position.
It’s not all about the money for employees
Employers also underestimate how much job applicants value doing meaningful work. They frequently assume the salary constitutes the overriding force for luring candidates. But actually the work they will do and how valuable it is to the employer means a great deal to employees.
How to overcome these obstacles
To be more successful hiring cyber security professionals, companies need to become much more knowledgeable about what cyber security is and pinpoint exactly why they need to hire people to help them with this important program.
There are no perfect candidates
Companies also need to be much more flexible in ascertaining who fulfills enough of their job requirements to deserve an interview. There just aren’t that many people anywhere who know everything there is to know and have all skills needed to do a cyber security job.
The technology is too new, the skills take too long to refine, the specific niches are too numerous and disparate. There are no perfect applicants. Applicants who show they can do most of what the job requires should be given more consideration.
Weak cyber security weakens businesses
Companies also need to be careful not to underestimate the financial impacts of not hiring cyber security professionals. Granted, this is not a revenue-generating discipline. But it does help reduce revenue losses, which can be huge when cyber breaches occur.
Don’t overestimate value of certifications
Companies should also not overestimate the value of cyber security certifications. Some people might take an easy course while others may not. It’s important to figure out which certifications show a job applicant’s mastery of a skill or subject matter.
Professionals seeking jobs in cyber security have their hands full. It’s a market moving at blazing speeds. The dynamics are complicated and tough to synthesize. Above all else, the key is to stay current on the latest news in cyber security, track market dynamics, and keep taking courses that help you develop skills valued right now by employers.
Employers need to do their part to really get their minds around what cyber security is all about so they can hire people to do meaningful cyber security work. They can’t rely on the people they hire to figure all this out.
And they need to move much faster and get more aligned on their corporate storyline when they interview candidates. A quick way to turn off a job candidate is to have that person interview four different people within your company who give the person four different stories about what’s important to the business.
Get your story straight. The applicant will be more inclined to work for you if you are all singing the same tune. It eases their minds and shows them your company has its act together. Additionally, even if the role you discuss is not the right match, you’ll earn tremendous credibility and trust with the candidate as someone who may want to revisit joining your team.