Discover the main issues facing organizations that seek to hire skilled IT professionals.
Hiring the right information security and IT professionals can pose significant challenges for enterprises. The first problem is the scarce talent pool. For example, a Rand Corporation study estimates there are approximately 1,000 skilled cybersecurity experts globally, while the market needs 10,000 to 30,000.
The second issue hampering cybersecurity-hiring systems is a clueless interview process, where talent is herded through arbitrary and disorganized screenings, according to CNBC. Sometimes, InfoSec specialists are forced to endure up to 10 separate interviews, while being evaluated by people who have no security expertise.
Some businesses are turning to cybersecurity-expert-screening-and-recruitment startups. These services test and verify IT professionals’ technical skills and match them with companies seeking relevant IT and security talent. Think of these models as human resources Ubers with an exclusive focus on cybersecurity solutions. Also, these crowdsourcing-and-sharing services are disrupting the market for cybersecurity consulting firms. The cybersecurity industry standard of annual and semi-annual audits seems inadequate in the face of a threat that is constantly adapting and sleeplessly conspiring to destabilize enterprise networks.
Another more foundational problem afflicting the cybersecurity hiring process is the ambiguity surrounding the certifications and skills needed to get the job done. According to The Institute, an IT-trade publication, there is a void of standardized qualifications that hiring managers can use to inform and guide their candidate onboarding systems. As a result, human resources departments are overwhelmed with a plethora of certifications from nearly two dozen organizations, convoluting the hiring process.
“Professionalizing Cybersecurity,” a recent report published by Salve Regina University’s Pell Center, found that cybersecurity is composed of 31 different specialties dealing with areas like information assurance compliance, systems security architecture, and digital forensics, to name a few. Hiring managers would be wise to educate themselves about these newly designated categories of network defense so they can identify the candidates who best suit their needs.
Another factor to consider is the changing nature of cybersecurity philosophy. In the past, security applications have been focused on perimeter network defense. But, in 2015, cybersecurity specialists like Mach 37 Managing Partner Rick Gordon point to a new consensus among experts that it’s impossible to keep intruders out of enterprise networks. As a result, the industry is placing more emphasis on remediation and response applications.
As the cybersecurity landscape continues to evolve, businesses can improve their hiring practices in four crucial ways. First, enterprises need to streamline their interview processes to eliminate HR inefficiencies. Second, businesses need to develop standardized guidelines for the certifications and skills that are most relevant to their information security needs. Third, hiring managers should consider outsourcing the technical screening aspect of the onboarding process to emerging disruptive platforms that know how to leverage the power of the “sharing economy.” But the wisest course of action for enterprises might be to consider the cybersecurity industry’s new interest in remediation and response solutions.
If efficient containment and data recovery applications are being recognized as the optimal curatives to manage cyber-disruptions and information theft, perhaps hiring practices need to be repurposed to match this paradigm shift.