There is one thing that we keep hearing about today in the
world of Cybersecurity: The worker
shortage, and the total number of jobs that need to be filled. I have written about this before, and of
course, this is no easy topic that can tackled in one fell swoop.
It’s not just here in the United States, but countries
worldwide are facing the same problem.
I can’t speak for these other countries, but I can speak
about what is going on here. The bottom
line is that the hiring managers are just too damned picky in what they want in
terms of experience. It’s not to say
that having experience is important, but the line here is really being
stretched.
Because of this, there are a lot of good candidates that are
simply being swept aside.
This all comes down to the Job Description also
affectionately known in the recruiting world as the “JD”. This is where you spell out the requirements
that are needed for the job, or perhaps skills that you could pick up later
down the road. Many recruiters are now starting
to realize the importance of how to craft the language of the JD, so here are
some tips that perhaps you can use:
1)
Keep it broad:
For most Cyber jobs, there is no
need to do a deep dive of all the technical details that are needed. Forget about the years of technology
experience that are required (heck, by the time you post the JD on a career
site the chances are that it has already become outdated). Instead, create an image of the job that will
draw in candidates, and yes, forget about the certs. In the end, what do they really mean? Seriously?
Stay focused on skills that can be transferred. Keep in mind this rule of thumb: For every hard-core requirement you come up
with, your candidate pool will diminish by at least 80%.
2)
Create an accurate JD:
Let’s face it, the world of
Cybersecurity is a huge one, with many specialties that one could choose
from. So, when you write up your JD, try
to make it as accurate as you can in terms of what the daily tasks will be. And make the title job reflective of that as
well. In other words, make that accurate
as well also. A perfect example of this
is the title of “Cybersecurity Analyst”.
This has been used for so many JDs that it is crazy. In fact, just recently, I saw this title
being used for a Pen Testing position. So, if you are looking for a Pen Tester,
then put in the JD the title of Pen Tester.
And don’t forget to mention salary, hourly rates, benefits, etc. Also, if you are looking for specific
technological skills, then you need to mention that as well. But don’t get hung up on just that. Also put an emphasis on the soft skills that
will be needed for the job as well, as Cybersecurity now comes down to in the
end the ability to communicate effectively and work well in teams and groups.
3)
Don’t let just anybody create the JD:
In today’s busy and digital world,
it is always easy to pass on work to the next person. Heck, even I can get lazy at times as
well. But don’t do this when creating
the JD for a Cyber job. The hiring
manager should be doing this, as this person will know best of what the job
will entail. Never hand it off to an HR
person, as they will have no idea how to create it, as they are not experienced
in this area. Instead, take the time to
create the JD in your own language, and please, avoid using those
templates!!! After you are done, then
have a member of your IT Security team take a look at it for a second, or even
a third opinion.
4)
Be descriptive on training:
The one thing that job candidates
will always want to know about is what kind of training you are willing to
provide to them, and of course, if you will pay for it. There is nothing wrong asking this,
IMHO. To me, it means that the candidate
is serious about their career and wants to advance it as far as they can through
the proper educational mechanisms. So
don’t be afraid to mention on those areas in which you will offer
training. Look in the end, you will
never the get the cookie cutter candidate, and I am telling this from own
experience. And also, if you mention that
you are offering training to some degree or another, you will probably even
draw a better pooling of candidates.
5)
Drop the mystery of Cyber:
Unfortunately for the industry, we
are marked with the image of the person sitting in a hoodie in a dark room hunched
over a computer. It is important to
break away from this mold. Try to avoid
that image in the JD that you create, and keep is as clear and down to earth as
possible. Remember, not every job in
Cyber carries this image (except for maybe the Pen Testing ones). Cyber professionals are just normal everyday
people who want to help protect the American society that we live in
today. So try to make your JD to fit
that mold.
My Thoughts On This:
Hopefully these few ideas will help you to create a better
Cyber JD. It’s not an easy task, but we
need to fill the worker shortage ASAP, before the Threat Landscape becomes so
complex that we will not even know where to begin. Also, give your candidates a chance.
They will not have everything that you are looking for, but
focus on those transferrable skills, and use them to your advantage not only
for your company, but also for your newly hired employees as well.
Obviously, there is no guarantee that they will stay or not,
but the fact that you will be taking an interest in their career development should
yield dividends in the end.
No comments:
Post a Comment