With global estimates of 3.5 million unfilled cybersecurity jobs in 2021, companies are struggling to find employees and keep their networks secure from cyber attacks. NetDiligence eRiskHub Manager Micah Howser talks with Karl Sharman, Head of Cyber Solutions and Consultancies at Stott and May, about the state of cybersecurity recruitment today and how to differentiate your company to potential employees. Stott and May is a U.K., U.S., and I.E.-based tech-centric cybersecurity recruitment firm.
MH: Karl, thank you for joining us today to talk about cyber talent in the industry. Why don’t you tell us about yourself and Stott and May to start.
KS: Thank you for having me. Companies in the cyber insurance and the services world are probably familiar with me and Stott and May. We are a tech-centric cybersecurity recruitment firm. We help anyone from Fortune 500 businesses to cyber insurers to various service businesses all the way down to a one- or two-man shop really ramp up their security operations. It could be client-facing or for the end client. We help them deal with their various talent struggles in the market that we all know today—the difficulty in hiring.
MH: What can you tell us about the demand and supply of cyber talent out in this space?
KS: There is a huge demand for cyber talent, especially during Covid, with huge transformation projects along with fear around ransomware, which we all know is creating a lot of demand, too. People are very fearful of what that all means for their business from a bottom-line trend and what it means to shareholders. Everyone hiring all at once has created a shortage.
What Clients Are Looking For When Recruiting Cyber Talent
MH: What are your clients looking for most frequently?
KS: They’re looking to fill a technical environment. They’re requiring a lot of talent around transformation, including ransomware, which ironically has accelerated because there hasn’t been much transformation yet.
They’re concerned about the cloud, large amounts of data, and how to protect that. Plus, IoT (Internet of Things) and OT (Operational Technology) are expanding. There’s also been a catch-up period during Covid with everyone moving to work from home, and also everyone becoming eCommerce customers rather than in-store shoppers. They worry about instant response and how to proactively protect their clients.
MH: Are there roles, skill sets, or applications you’re looking for?
KS: With Biden’s focus on cyber, there’s a demand for cybersecurity. It’s bringing in a lot of regulatory and compliance demands with an increased focus on privacy to protect the customers. There are also new areas away from the technical side, such as law and PR firms. Whether in-house or outsourced, these services are flourishing and necessary.
MH: What kinds of questions or concerns do you get from the talent?
KS: They are concerned about cultural fit. Today there are only a handful of interviews to judge if it’s going to be a good fit. That’s where we help. We ask the right questions to help find the right fit for both sides.
We make sure it’s a two-way interview and push the company to allow the client to have a good experience. It has to be beneficial for both parties. Candidates are looking at retention rates, if there’s a high turnover of staff, if it’s a place they can grow, what development/career progressions there are, benefits, PTO, 401K, healthcare, and salary. But while salary is important, the candidates are looking for everything else, too. So it’s pretty crucial at the offer stage for a company to differentiate itself from competitors.
MH: What creative differentiators have you seen?
KS: If there are a thousand companies hiring that cloud security engineer, how do they stand out to that small talent pool? We have a whole group that concentrates solely on this.
Seven points of contact are crucial in terms of making a difference. The follow-ups are so important to stay in their face.
MH: How are you adding to the candidate’s experience that’s going to make a difference?
KS: We help the companies create moments to remember. Disney does this, and it’s why customers come back all the time. Although it may not work at the first offer, they may come back again and it’ll save on recruitment costs. It’s $40–60k to recoup one year of recruitment costs including training, bringing people up-to-speed, loss of revenue, and the recruiter fee.
MH: How has it changed for recruiters?
KS: We added services around diversity and inclusion. We help companies make all their job descriptions unbiased and increase talent pools from diverse areas. Cognitive diversity is really important in cybersecurity—different ideas, backgrounds, experiences, you want all those to break down the barriers. With ransomware and risk, it’s a really exciting time to be in cybersecurity. There are a number of things the insurers want companies to do, and the easiest way to do them is to bring security experts in.
MH: What do you see happening in the future in this space?
KS: We have to keep innovating for talent solutions because after ransomware, what then? There wasn’t ransomware a little while ago—it was always about phishing and business email compromise. Those haven’t gone away but there’s always something new. To get ahead of the threats, you need to take in the right partners and make sure we’re collaborating. With how the government is building task forces to work with the private sector, as long as we work together, that’ll be the theme of the next five years.
MH: Karl, do you have any last thoughts to share with our viewers?
KS: If you’re trying to hire, build a referral scheme. The market is large but it is also very small. It’s all about who you know. Networking and referrals are the more affordable way to solve talent issues along with your internal and external methods to build an unforgettable experience.
Watch Micah and Karl’s full discussion on cybersecurity recruitment. If you have any questions about cybersecurity recruitment for Karl, he can be reached at Stott and May. Micah can be contacted at NetDiligence.