Why cyber recruitment needs a rapid overhaul

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Few industries face a skills gap quite as severe as cybersecurity. Currently, there's a crippling shortage of over 4 million cybersecurity experts, and cyberattacks are hitting record numbers. For example, we recently saw the ‘mother of all breaches’ with 26 million records stolen causing widespread chaos.

Considering these challenges, you'd expect recruitment strategies to be adapting to bridge this gap. However, our recent research tells a very different story, with IT and security professionals stating that recruitment processes aren’t fit for purpose when it comes to evaluating the right skills in candidates.

We’re at a real turning point in cybersecurity, and the only way to change the tide is through a rapid overhaul of recruitment processes.

Haris Pylarinos

CEO and Founder at Hack The Box.

The red tape plaguing recruitment

The overarching issue with current recruitment processes is simple: there's an excessive reliance on university degrees as the measure of success for early candidates.

Cybersecurity and IT professionals are calling for this to change. In fact, when we spoke to 3,000 professionals across the US and UK, they made it clear that they prioritize practical skills and experience over traditional education for newcomers entering the industry.

This doesn’t mean candidates with a university degree aren't worthy; it's that businesses are overlooking a hidden pool of talent who don’t have formal qualifications. These individuals are ‘self-taught hackers’ or cyber enthusiasts who upskill through online training, CTFs, or bug bounties.

As a former ethical hacker myself, I've learned the most from hands-on experience and winning hacking competitions. To be successful, you must prove the ability to think outside the box and develop a hacker mindset rather than just a list of qualifications.

So, how can the system evolve with this in mind?

Focus on the practical

For starters, businesses and recruitment processes need to place more emphasis on the industry certifications and practical upskilling methods candidates have obtained when they are pulling together job descriptions, requirements, and reviewing CVs.

When you’re at the interview process it's crucial that the structure focuses on practical assessment so candidates can showcase their expertise and mindset against real-world tactics.

So present candidates with hypothetical scenarios and assess their problem-solving approach. Look for candidates who demonstrate a hacking mindset and an ability to handle high-pressure situations.

Businesses shouldn’t just rely on recruiters and external sources too, if you want the right cyber talent you need to build it yourself by running internship programs and encouraging apprenticeships to nurture the skills of young cybersecurity and IT talent.

Businesses can also consider existing talent within their IT management or engineering teams who might show a talent for problem-solving and cyber, and work with them on a potential career move.

Recruitment can't work successfully in silo

It’s clear there is currently a disconnect between hiring policies and recruitment, and what the cyber and IT professionals want on the ground.

For successful recruitment, it goes without saying that recruiters, HR, and talent teams work with cybersecurity industry professionals to develop effective recruitment strategies and adopt a more creative and practical approach to assessing candidates.

Cyber experts should absolutely be playing a role in creating job descriptions that accurately reflect the actual responsibilities of the role to ensure an appropriate individual is hired for the role.

Don’t forget about your existing team

Plugging the cyber gap is no easy feat and robust recruitment strategies are needed to address it. But this doesn’t mean you should forget about investing in your existing team.

It’s paramount right now for organizations to consider how they are fostering morale, well-being, and boosting talent within their teams.

Our cybersecurity and IT professionals need to be inspired and challenged, and they need a transformative, creative, and engaging approach to upskilling to keep up with the latest threats themselves and enjoy their careers.

Cybersecurity is not only a fulfilling career with opportunities to fend off cyber-criminals and keep businesses afloat but also a lucrative one with ethical hackers earning an average of £58K in the UK and up to $120K.

Businesses need to capitalise on this, and the untapped talent waiting in the wings to join the sector, but to do this, the recruitment process needs a major face-lift. This isn’t a nice to have, it’s a necessity for cyber teams in 2024.

We've featured the best website for hiring niche employees.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Haris Pylarinos is CEO and Founder at Hack The Box.