×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

Guest Podcast: Why is Security Recruiting so Broken?

Cybersecurity recruiting challenges: is there truly a lack of applicants, or are employers looking in the wrong places? CIS Senior Vice President and Chief Evangelist Tony Sager joined Geoff Belknap, CISO for LinkedIn on the Defense in Depth podcast hosted by David Spark. Read on for notes on their discussion.

Are Qualified Cybersecurity Candidates Falling Through the Cracks?

With the growing reliance on technology, qualified cybersecurity professionals are greater demand than ever. It is imperative that companies target the right candidates and act quickly to hire them before their competitors do. To find applicants that match their criteria, online job boards seem the most effective way to search for candidates – or are they??

Belknap mentions, “…there's a bunch of stuff these recruiting tools do under the hood. [They collect] metrics and help hiring managers understand who are good or bad. Unfortunately, it has the side effect of really excluding a lot of really qualified candidates from consideration."

Sager adds that this is a systems problem, not a component one. How we ask for applicants and how applicants search for jobs need to align better.

The Application Process

The lack of job posting/searching standardization hampers accurate screening for applicants. There are two major cases where standardization should be improved:

  1. The frustrating process of an applicant applying with their resume, then having to to re-enter all their information on the company website. Each website and application is different, the process is long, and most give up.
  2. Needing to match keywords between the job board algorithm and the applicant’s resume. There are no standard terms used by all companies. Applicants need to be able to craft their resumes using common terms that algorithms will find. If the words don’t match, they are rejected.

Long application processes and keyword mismatches are two simple things that can be changed by a company and garner more successful hires.

Missed Opportunities

Limiting the assessment of a candidate, or an existing employee for that matter, to their basic functions and knowledge can lead to missed opportunities for a company. Job postings that use the same search criteria lead to a homogenous team and an increase in groupthink. Also, a company should want an employee to be interested in facing new challenges beyond their existing experience. Rejecting a strong employee based on their current job function could prevent the company from taking advantage of new ideas and innovations.

The assumption of one’s qualifications based on education is also not the best way to screen a candidate. Many in this industry are self-taught or have run start-ups out of high school. While education is important and not to be discounted, experience and soft skills can be highly valuable traits in an employee as well.

A Better Way to Screen a Candidate

Sager points out, “…when we say we have a hiring problem, that doesn't mean it's up to the hiring department to fix the entire problem." It takes true effort and preparation when recruiting for a new employee. Here are some tips:

  • Work closely with your HR department or recruiting company. The more they understand the position, the better their recruiting efforts will be. Make adjustments when necessary.
  • Don’t be exploitive with your screening exercises. Don’t ask a candidate to test for hours; they won’t do it and you won’t want to review it. Offer a test that takes no more than 30 minutes and ask for their thoughts on the problem they are solving. It shows their competency as well as their creativity.
  • Research and choose keywords carefully that work with the current trend of positions and experience.
  • Don’t hunt for unicorns. We all want the best, but don’t ask for so much that no candidate can live up to the requirements. For example, asking for 10 years experience when the type of job was only created five years ago.
  • Keep the human in “HR." While technology is great at helping with the initial search, the human element creates a truly good match. Use phone screenings to get to know a candidate better before ruling them out.

There are many qualified candidates out there looking for work. Employers just need to work harder - and smarter - to find them!

Resources