Saturday, October 30, 2021

How To Write The Perfect Cyber Job Description - 5 Golden Keys To Success

 


There is one thing that we keep hearing about today in the world of Cybersecurity:  The worker shortage, and the total number of jobs that need to be filled.  I have written about this before, and of course, this is no easy topic that can tackled in one fell swoop. 

It’s not just here in the United States, but countries worldwide are facing the same problem.

I can’t speak for these other countries, but I can speak about what is going on here.  The bottom line is that the hiring managers are just too damned picky in what they want in terms of experience.  It’s not to say that having experience is important, but the line here is really being stretched. 

Because of this, there are a lot of good candidates that are simply being swept aside.

This all comes down to the Job Description also affectionately known in the recruiting world as the “JD”.  This is where you spell out the requirements that are needed for the job, or perhaps skills that you could pick up later down the road.  Many recruiters are now starting to realize the importance of how to craft the language of the JD, so here are some tips that perhaps you can use:

1)     Keep it broad:

For most Cyber jobs, there is no need to do a deep dive of all the technical details that are needed.  Forget about the years of technology experience that are required (heck, by the time you post the JD on a career site the chances are that it has already become outdated).  Instead, create an image of the job that will draw in candidates, and yes, forget about the certs.  In the end, what do they really mean?  Seriously?  Stay focused on skills that can be transferred.  Keep in mind this rule of thumb:  For every hard-core requirement you come up with, your candidate pool will diminish by at least 80%.

2)     Create an accurate JD:

Let’s face it, the world of Cybersecurity is a huge one, with many specialties that one could choose from.  So, when you write up your JD, try to make it as accurate as you can in terms of what the daily tasks will be.  And make the title job reflective of that as well.  In other words, make that accurate as well also.  A perfect example of this is the title of “Cybersecurity Analyst”.  This has been used for so many JDs that it is crazy.  In fact, just recently, I saw this title being used for a Pen Testing position. So, if you are looking for a Pen Tester, then put in the JD the title of Pen Tester.  And don’t forget to mention salary, hourly rates, benefits, etc.  Also, if you are looking for specific technological skills, then you need to mention that as well.  But don’t get hung up on just that.  Also put an emphasis on the soft skills that will be needed for the job as well, as Cybersecurity now comes down to in the end the ability to communicate effectively and work well in teams and groups.

3)     Don’t let just anybody create the JD:

In today’s busy and digital world, it is always easy to pass on work to the next person.  Heck, even I can get lazy at times as well.  But don’t do this when creating the JD for a Cyber job.  The hiring manager should be doing this, as this person will know best of what the job will entail.  Never hand it off to an HR person, as they will have no idea how to create it, as they are not experienced in this area.  Instead, take the time to create the JD in your own language, and please, avoid using those templates!!!  After you are done, then have a member of your IT Security team take a look at it for a second, or even a third opinion.

4)     Be descriptive on training:

The one thing that job candidates will always want to know about is what kind of training you are willing to provide to them, and of course, if you will pay for it.  There is nothing wrong asking this, IMHO.  To me, it means that the candidate is serious about their career and wants to advance it as far as they can through the proper educational mechanisms.  So don’t be afraid to mention on those areas in which you will offer training.  Look in the end, you will never the get the cookie cutter candidate, and I am telling this from own experience.  And also, if you mention that you are offering training to some degree or another, you will probably even draw a better pooling of candidates.

5)     Drop the mystery of Cyber:

Unfortunately for the industry, we are marked with the image of the person sitting in a hoodie in a dark room hunched over a computer.  It is important to break away from this mold.  Try to avoid that image in the JD that you create, and keep is as clear and down to earth as possible.  Remember, not every job in Cyber carries this image (except for maybe the Pen Testing ones).  Cyber professionals are just normal everyday people who want to help protect the American society that we live in today.  So try to make your JD to fit that mold.

My Thoughts On This:

Hopefully these few ideas will help you to create a better Cyber JD.  It’s not an easy task, but we need to fill the worker shortage ASAP, before the Threat Landscape becomes so complex that we will not even know where to begin.  Also, give your candidates a chance. 

They will not have everything that you are looking for, but focus on those transferrable skills, and use them to your advantage not only for your company, but also for your newly hired employees as well.

Obviously, there is no guarantee that they will stay or not, but the fact that you will be taking an interest in their career development should yield dividends in the end.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...