How to Tackle the Cybersecurity Skills Gap: Part 2

Last time we began a 3-part series: The Top 5 Strategies for Tackling the Cybersecurity Skills Gap.  These strategies were key takeaways from a discussion recently led by Jason Skidmore, CEO of Vernovis, at Cloud Security Alliance: Ohio River Valley Chapter’s Technical Track, The Cybersecurity Professionals Shortage, about the challenges in finding the right (and enough) cybersecurity experts.  This week, we break down tips for Recruiting and Retention.

The Top 5 Strategies for Tackling the Cybersecurity Skills Gap: Part 2, Recruiting & Retention

How long have you been searching for the right candidate to meet your cybersecurity needs? According to recent surveys from ISACA, 91% of hiring managers report problems with filling cybersecurity roles.

In Part 1, we covered several factors exacerbating the cybersecurity skills gap, including an increased threat landscape and current cybersecurity professionals leaving the field, which is contributing to a growing number of cybersecurity job openings.

Below we’ve compiled our top tips for finding and recruiting the right cybersecurity talent for your organization and how to retain the cyber talent you might already have.

Top 4 Tips for Recruiting Cybersecurity Professionals

The recruiting process for cybersecurity professionals typically starts with the hiring manager writing a job description with a skills wish list, degree requirement, and certification requirements. This is the list that candidates’ qualifications are compared to. Many times, no matter how good or how diligent the recruiter is, they ultimately come up empty. Below are four watchouts to help revive your recruiting process and start finding the cybersecurity talent you need.


1. Establish realistic compensation ranges and don’t forget it’s total compensation that matters.

Compensation growth in the field is increasing rapidly and companies must set realistic salary ranges to obtain and retain top talent. According to a salary report by Dice, cybersecurity analysts saw an average growth in salary of 16.3 percent (for an average annual salary of $103,106) over the last two years.  It’s mind-blowing but a reality that must be addressed.


Remember, though, that salary alone won’t win the right candidates, and sometimes other benefits are more important to certain candidates, so be sure to speak about the total compensation and benefits. While benefits, flexibility, and rewards are usually cited as part of compensation, training is also typically valued. It’s becoming one of the key reasons why people take jobs today. Be upfront when recruiting new talent about your dedication to investment in training and access to projects.

In addition to the personal benefits, the organizational goals, type of environment, and communication among the leadership team and their peers are often just as important as compensation. If you are proud of how your organization leads, operates, and communicates, use this to your advantage.

2. Re-evaluate job descriptions

Be realistic about what’s needed versus what can be trained, and recognize the value of hiring for potential and training for the technical knowledge. Specifically, ditch the degree and multiple certification requirements and give up your rigidity on experience. According to the BLS, over 30% of working cybersecurity professionals don’t have a bachelor’s degree. Senior cyber leaders can help assess transferable experience as well as trainability, which will widen your talent pool and sometimes bring you candidates that are a better culture fit as well.


3. Streamline the process

People Management shares that “more than three-quarters (78%) of jobseekers would drop out or consider dropping out of the hiring process because it’s too long and complicated.” If your hiring process requires multiple rounds of interviews, people to meet, and various other steps, streamline it for yourself and your candidates. Start with evaluating the application process. Often online job postings require completing an application that repeats information already in the resume. Reduce this friction. In this competitive market, you might be losing candidates before you even see them.


4. Launch a focused recruiting effort

When recruiting for top-tier talent you should take a multi-channel approach. Below are some of the most effective ways to rev up your cybersecurity recruiting efforts.



Focus on utilizing your own talent to help find the talent you need. Most often, your people are connected with other great people who work somewhere else. If you don’t already have one, consider upping the ante with a referral bonus. If you do have a referral program, ensure your team knows about it.


Cross-department recruiting

Allow, or better yet, encourage staff from other departments to apply for your cybersecurity jobs. According to the Global Information Security Workforce Study, 30% of people working in cybersecurity have come from non-IT fields. Consider staff from departments who have the business background to understand risk and the aptitude to learn any technical skills required.


Send your HR team to conferences and events

Get your recruiters into the communities you want to recruit from. Both Cincinnati and Columbus have strong IT communities with conferences and events happening year-round. Consider sponsoring a booth focused explicitly on recruiting!



Top 5 Tips for Retaining Cybersecurity Professionals


Once you do land the right cybersecurity talent for your organization, it’s important to keep them engaged and ensure they feel recognized so that you can retain them for as long as possible. A recent Trellix survey found that over 30% of current cybersecurity professionals plan to leave the cybersecurity field. Lack of appreciation was cited as one of their top reasons for leaving. Here are our top five tips to keep your cyber talent satisfied and engaged.

1. Share the “why”

Cybersecurity is a critical function in every organization these days. Cyber professionals are on the front lines, with high stakes, and it’s sometimes a thankless job. Be sure to remind them often and let them know that you recognize the importance of their efforts and impact.

2. Introduce Regular Feedback

Giving feedback and taking time to listen to feedback demonstrates recognition, provides a sense of safety and security, and helps them feel empowered.

3. Ensure an Open Culture

The way you introduce regular feedback matters. The method should vary based on the person getting the feedback. If the employee feels uncomfortable, the entire exercise serves no purpose. For some, it may mean establishing an informal coffee outside of the office. For others, it may mean a more formal meeting with a document that is clear on expectations or kudos. Vary the method to be as effective as possible.

4. Offer Access to Training

We’ve said it before, but we’ll say it again. Training is important! By offering internal training and other educational sources, you help employees feel better supported and set up for success. They are often overworked and don’t have the opportunity to learn new skills or attend training on their own time. It’s to your benefit to keep them up to date on the most current best practices, so that they can apply them.

5. Offer Mentoring

Mentoring valuable team members offers them additional opportunities to grow.  Consider mentors from other departments who can give business perspective and context.  This enables them to be better in their current role but also promotes the idea of being a talent catalyst for your people.


In part three we’ll be covering how to capitalize on partnerships, alternate sources, and your personal equity to help you get the right cybersecurity talent for your organization.
