We recently checked in with Deidre Diamond, founder and CEO of The CyberSN, which is working to transform employment searching through a technology platform using a common language, in order to simplify the information needed to find and hire qualified professionals, while significantly lowering the cost of talent acquisition.
We asked Deidre for her insight on the job market for cyber security professionals and for her advice to companies wanting to hire for cyber security positions. Here's what she shared:
Tell us about the mission behind CyberSN. How are you hoping to change the way Cyber Security professionals find jobs?
CyberSN is changing how cyber professionals find employment through the use of technology and services. Our proprietary cyber security common language platform allows our Staffing Directors to accurately understand the role of the open position and the experience of the job seeker. Cyber security is not a technology; it is a vast set of responsibilities that extend across 35 different roles. CyberSN’s technology solves the problem of understanding these roles and responsibilities, and is backed by five-star cyber staffing agents.
What is the job market for Cyber Security professionals right now? Who is hiring?
Everyone is hiring cyber security professionals. The problem is that we are well over 1 million people short of the professionals needed in our industry and few organizations are equipped to train individuals recently out of school. Organizations can’t afford to train because they are fighting real attacks every day and need those with experience. This double-edged problem is making hiring even harder.
What are the major pain points facing Cyber Security pros in how they search for jobs today? What is the cause of these frustrations?
A major pain point for cyber professionals seeking work today is that they are, more often than not, simultaneously employed and looking for a new role. The problem with this is the recruiting generalists who call these professionals incessantly; 46 percent of cyber security professionals are solicited to consider other cyber security jobs (i.e., at other organizations) at least once per week. It is only because these recruiters see “cyber security” on the resume that they reach out to these professionals, without further consideration of their experience or work history. Generalist recruiters have no way of understanding what cyber security professionals do, so they call to ask, which is truly inefficient.
Another problem the community faces is low salary budgets, caused by a lack of accurate salary information. Cybersecurity job postings tend to advertise a 9 percent salary premium over IT jobs overall, and even this data is two years old. Because of the lack of accurate salary data, leadership is struggling to pay what the market is bearing. Many people spend lots of time interviewing only to lose the job seeker due to low salary budgets.
CyberSN and Chenxi Wang, PhD, Founder of the Jane Bond Project and Former VP at Forrester Research conducted a research study, which included data from 52 organizations on 83 cybersecurity positions, and in that study more than 50 percent of the companies had to increase their initial salary cap to hire. Some roles, like a Cloud Architect, for example, can command 30 percent more than the offered salaries. This is because the lack of accurate compensation information is one of the top challenges in cyber security hiring today.
What about frustrations for companies searching for cyber security professionals? What challenges are they facing when it comes to hiring these positions?
Organizations looking to hire these professionals struggle with the same things: salaries are too low, inadequate job descriptions and not enough talent on the market.
What tools should companies be using to find qualified IT security pros? How can they ensure they're finding people who are the right fit?
There are no specialized tools companies can use to find cyber security professionals other than CyberSN’s job description creator, used with our services today, and our self-service option coming later this year. Companies must use niche organizations like CyberSN to find these professionals.
Our research study also discovered the following: companies on average wait six and a half months to use an outside agency like CyberSN. With CyberSN jobs are filled in one and a half months, on average. There is no value in trying to fill a cyber security position without an organization like CyberSN. One must be connected to the cyber community and have many staffing resources on the project.
How can Cyber Security pros make their job search more effective and more efficient?
To be effective as a job seeker one must be aggressive with reach outs and follow ups, one must go to all meetups and conferences to network, and talk to everyone who will talk. A job seeker never knows who can help them or what others have to offer unless they reach out. Job searching is broken, so job seekers must put in significant effort if they don’t have an agent like CyberSN to help them.
What should these professionals be doing to make themselves stand out in a job search?
There is no need to figure out how to stand out when seeking a cyber security job, unless someone doesn’t have experience. Standing out isn’t the problem; the problem is in those reviewing the resume not understanding what they are looking for and what this person will do on a day-to-day basis. The churn created from this lack of common language between staffing specialists and cyber security professionals is a massive issue.
What skillsets are most in demand within IT security right now? What predictions do you have for in-demand skills looking ahead to the future?
The cyber security jobs that are in most demand are … all of them! Because there are more security analysts in a SOC than any other role, security analysts are in great demand. That being said, security engineers, cloud security engineers, application security engineers, IoT security engineers, security sales engineers and audit/compliance professionals occupy the largest number of roles out of the 35 that exist. My prediction is this won’t change anytime soon and there will be technology that replaces a lot of what security analysts are doing today.
What trends or innovations are there in cyber security recruiting or IT security in general right now?
The cyber security industry itself is always innovating and creating trends. These professionals are at war every day. They are fighting a fight where they are outnumbered and have very few wins. Our cyber security professionals need to be better understood so that burnout and poor health trends don’t continue. We need to understand, as a community, that cyber security professionals are emergency workers.
Just like the emergency department of a hospital, cyber security professionals are always evaluating to see if an alert is an emergency. Cyber security professionals function at a heightened state of stress. Then, when an alert is real, they move into crisis management mode and are up for days on end—only to be expected to be in the office for an 8 a.m. staff meeting when the emergency is “over”. This all occurs without the attention to care for these professionals. In a hospital, doctors and their teams have places to take naps, replacement staff after a few days, etc. Our cyber security professionals need this same care if we are to win the information security war, and the war for privacy and physical safety.