Rookies Needed – Experience Required


Are Employer Demands Contributing to the Cybersecurity Skills Gap?

You’ve seen the job posting. It starts, “Looking for a cybersecurity specialist. Must have a master’s degree, certifications and 10 years of experience,” followed by, “This is an entry-level position with non-compensated job shadowing requirements.”

These unrealistic expectations are the obstacles many cybersecurity professionals face once they complete their studies and rigorous exams. It’s an unfair barrier to entry.

Clearly, hiring a person to work in any department in any organization is a risk. It costs money to locate, attract, assess, interview, hire, onboard and train someone, and it’s many months before that person’s true personality and capabilities emerge.

The challenges triple when it comes to hiring for cybersecurity positions. Not only are all of the above criteria required, but the candidate is also placed in a position of great risk, with access to the company’s vital data and operations. What’s more, the cybersecurity industry is in constant motion. While hiring an accounting grad to work in finance requires applying learned skills to established processes, the process keeps shifting in cybersecurity as the threats change and become more sophisticated.

Are employer demands contributing to the skills shortage that continues to challenge the cybersecurity industry? The (ISC)² white paper, Cloud Adoption and the Skills Shortage, looks specifically at how the lack of qualified people is one of the largest impediments to cloud adoption. For an inside look, the report includes feedback from Certified Cloud Security Professionals (CCSPs) on what the industry looks like from their perspectives. The following are key pre- and post-hire takeaways for organizations seeking to build stronger cybersecurity teams.

Be specific. Use detailed, precise job descriptions rather than general phrases like “requires a broad level of skills.” Accuracy will help narrow the field of candidates, which is good for both sides: fewer resumes and interviews to wade through for employers and more opportunity to craft targeted pitches for applicants.

Keep in mind, there’s a big difference between the candidate looking to “fill a position” and one who comes to the company with an understanding of the cybersecurity industry and the specific challenges your individual company faces. Due diligence on the part of the applicant goes a long way toward compensating for the lack of experience that frequently plagues young professionals.

Be human. One of the greatest challenges qualified candidates face in the application process is when their resumes are processed by software that screens for specific keywords and other parameters. Sometimes the screening is done by a third-party organization rather than the company that’s hiring. Although it’s touted as an efficient way to eliminate 80 percent of applicants who may be unqualified, an excessive reliance on keyword-based scanning could disqualify some of the best candidates. The hiring process needs to be less automated and more human.

Give them time. Even after the hiring is complete, it must be understood that new hires will operate at roughly 50 percent to 60 percent productivity for the first several months while they learn the ropes. This includes becoming familiar with the job as well as your company’s technology and unique challenges. Time must be dedicated to ongoing training, development and education for new and longtime staff alike. In cloud security, technologies, policies and threats evolve quickly.

Candidates must understand the employer. The responsibility for a successful hiring process rests on both sides, not just the employer. Cloud security candidates have worked diligently to pass their certification exams, but they also have a responsibility to understand the company where they want to work. They must know how to speak to the managers and executives in a language they understand, which is often more strategic and risk-focused than technical.

The key to a good hiring experience is communication. The more both sides communicate before, during and after the hiring event, the more successful the long-term relationship will be.

Learn more recruiting strategies on building a strong cloud security team in the (ISC)² eBook, Cloud Adoption and the Skills Shortage: A View from the Field.

How CCSP Certification Can Help You

Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at (ISC)².

Achieving CCSP certification provides the added benefit of membership in (ISC)², the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. (ISC)² provides members with professional development courses through the Professional Development Institute (PDI); technical webinars covering evolving cybersecurity trends; and benefits, such as the (ISC)² Community and InfoSecurity Professional magazine.

Learn more about how CCSP can help you build the skills you need to stand out in cloud security or get your copy of The Ultimate Guide to the CCSP and get started today.