Hiring these days is a minefield for nearly every sector, but the technology market might just take the cake. The search for cybersecurity professionals, particularly of the entry-level variety, is a serious struggle for IT leaders, compounded by the fact there are an estimated half a million cybersecurity jobs that need to be filled.
If you have first-hand experience with the cyber talent shortage, it might be time to rethink the problem and look beyond direct hires for the solution. We'll look at strategies you can implement and why it might be time to consider working with a service provider instead.
The Fundamental Flaw
Is there a shortage of IT workers? According to the 2021 Harvey Nash Group Digital Leadership Report, almost 60 percent of companies are planning on hiring more technologist to their workforces in the upcoming year. This is an example of the acute need for such talent in the American economy, and how this need will likely lead to an even greater shortage of general IT and cybersecurity talent.
To combat this, corporations such as Microsoft as well institutions like the White House have pledged resources to train and educate the next generation of technologists. But these initiatives won’t bear fruit for several years.
Hiring Cybersecurity Talent in the Present
If your organization is still bent on hiring cybersecurity talent, there are a couple of things to note. First is the reality that there's a disconnect between employers and candidates.
Employers typically look at a cybersecurity job posting much like they would a wish list. What’s more, they do so without considering how an individual who specializes in cybersecurity differs from someone who specializes in networking or systems administration.
This can immediately turn prospective employees off to the job listing. Employees might think that they do not have the necessary skills to meet the requirements or they may feel as though their role won’t be understood or valued by the organization as a whole. To effectively respond to this, companies need to carve out the security division from its other tech roles and ensure the pay scale matches those niche responsibilities, skillsets, and technical certifications.
Furthermore, the cultural viewpoint on work has shifted over the decades, but all the chatter about it hasn’t always clarified to employers what their relative strengths are.
It all boils down to why an employee should apply for a position.
Money is clearly important, but just how much weight does a potential employee put on salary? Would flexible working hours make up fora 10% salary drop? A 20% salary drop? Would the opportunity to work for a cause that people care about (e.g., saving the environment, etc.) make up for a lower salary point?
There is no one answer to these questions because they're subjective to the employee applying and their values, goals, and life situation Still, a good place for employers to start is by talking to their own employees. If they know why people continue to show up day-in and day-out, they can use that information to their advantage and craft job postings that highlight those reasons.
Hiring for any position is more than writing a killer job description. It takes a serious time commitment to sift through applications, identify qualified candidates, and interview people to find someone who can both handle the responsibilities and be a cultural fit in with the team. Once a candidate is identified, there is the offer proposal and negotiation, screenings, and in the end, there is still a chance that time will be for naught and the candidate will turn down the opportunity.
If the time invested isn’t matching anywhere near the quality of results you need, it might be time to partner with the private sector instead. Instead of going through the revolving door of applicants, the IT talent gap can be addressed by working with either contractors or Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs).
Why Choose an MSP or MSSP?
Managed Service Providers and Managed Security Service Providers may be a third-party resource, but the right company essentially combines the best of both worlds. Companies receive robust managed cybersecurity services (along with a whole host of other options) that fit the individual needs of their business and access to elite cybersecurity talent they couldn’t otherwise hire in-house, but they also get the benefits of working with an organization that has experience with a diverse array of businesses.
It’s the latter perk that has made MSPs and MSSPs particularly valuable to their clients. The more situations a cybersecurity professional has run up against, the greater the expertise and understanding of how to handle security incidents. They'll have handled multiple scenarios, from minor hiccups to full-blown threats, and they'll have done it across the spectrum.
Whether it's the latest ransomware threat or a tiny vulnerability in a company’s network, the insider knowledge and technical skills would be hard to match with an employee with a more limited background. Additionally, with an MSP or MSSP, your organization only invests in one contract rather than filling individual roles. This can also lead to added value to the company with additional services such as 24x7 end-user support and mobility management to optimize your IT department’s time and budget.
Fixing the Tech Talent Gap
Cybersecurity is a non-negotiable for companies, but finding the talent for it doesn't always come easily. If adjusting the job listing does little to solve the problem, finding an MSP or MSSP can be a far better decision. (And if you're exhausted by the mere thought of going through another interview, it might be your only decision.)