Big salaries alone are not enough to hire good cybersecurity talent: What else can companies do? – Help Net Security
Amid the severe and ongoing cyber skills shortages, both cybersecurity firms and in-house IT and cybersecurity departments are struggling to hire enough talented and qualified individuals.
This is sometimes due to budgets, as many organizations have not placed a high enough priority on cybersecurity, despite the growing number of high-profile attacks. But even those who are paying high salaries are finding that generous compensation is still not enough to hire and retain talent in this field. While 33% of CISOs surveyed by ISSA said that salary was the reason they left one organization for another, that doesn’t explain most departures or job switches.
Meanwhile, despite high salaries, many currently employed cybersecurity professionals are feeling overwhelmed and under intense pressure, both because they are often short on manpower and because the stakes of their jobs are even higher now with the increased number and severity of attacks. The ISSA survey showed that 62% of cybersecurity employees face a heavier workload due to their organizations not being able to hire enough workers, and 38% say they feel burnt out.
If money isn’t enough, what else can companies do to attract and keep cybersecurity talent?
Write job descriptions that show off the skills employees will gain, not just what skills they need to apply. Cybersecurity is a rapidly growing and dynamic field offering many opportunities. But the field, by its very nature, requires that the best professionals are constantly learning on the job to keep up with the latest technologies and the latest types of threats and attacks. By letting candidates know what types of things they will learn on the job and what experiences they will gain, a company can set itself apart and offer the added value of professional growth, giving it an advantage in the recruitment process.
Look beyond academic education. Academic degrees in cybersecurity and related fields are no doubt helpful, but they are not the only way to become qualified for a job in the sector. If someone does not have a degree, it does not mean that they will not be an excellent candidate, especially if they have the relevant experience. This includes those coming from military or government backgrounds. In fact, with the rise in state-backed cyberattacks, any level of cybersecurity experience in government or military organizations is a considerable advantage and may be more valuable than those with academic degrees or years of corporate experience. A number of new programs, including one backed by Microsoft, also promise to offer training without necessarily granting degrees; these are also worthwhile credentials for candidates.
Teach and mentor on the …….