UK’s biggest cyber-hungry employers revealed

Competition for security talent in the UK is fierce, with the big four accounting firms all on a hiring spree.

now hiring neon signs recruiting
Getty Images

The job market for cybersecurity professionals is a highly competitive place for recruiters. The unemployment rate of cyber-pros is estimated to be zero, and high demand means it is a ‘sellers’ market’ for those with the right skills.

ISC2 reports that the EMEA region has a security staff shortage totaling more than 140,000 people, while at the same time 46 percent of current cybersecurity professionals are contacted weekly by recruiters, most of whom would consider switching jobs if the right offer came along.

With competition fierce, what can companies do to make their companies appealing to new recruits and keep the staff they already have?

Big enterprises on the hunt for cyber talent

It’s a good time to be a job-hunting cyber professional in the UK. Job site provider Indeed reports that it has seen a 15 percent increase in cyber postings per million vacancies from 2017 to 2018.

Indeed also recently revealed the UK’s top cyber recruiters, with the ‘Big 4’ accounting firms dominating the list. KPMG was the keenest recruiter in the security space; just under six percent of all its job postings are for cyber roles. Five percent of job openings at PwC were in cyber, while a little under two percent of roles at EY and Deloitte were cyber-related.

Large financial (Hastings Direct, Aviva, Capita, Barclays, JP Morgan Chase), telecoms (Vodafone, BT), defense (Airbus, Raytheon, BAE), and consultancy (Capgemini, Wipro, NTT Security) firms are all on cyber-hiring sprees. Sainsbury’s was the only retailer on the top 20 of the list.

IT security specialist was the most in-demand role, followed by security engineer, security consultant, information security analyst, and IT auditor.

“Cybersecurity is a high priority and focus area for Vodafone so we offer an opportunity for cybersecurity professionals to really make a difference,” says Emma Smith, Global Cyber Security Director at Vodafone Group. “We continue to strengthen our cybersecurity capabilities by hiring, developing and training our in-house cybersecurity team for prevention, detection, and response.”

Kevin Brown, Managing Director of BT Security, says it’s hiring for talent in cyber to support the telco’s global operations as well as providing security solutions to business customers:“We’re hiring for a wide range of roles across both those areas and we are recruiting from a wide spectrum of capabilities: experienced, technical security staff, to new graduates and apprentices, to experienced hires who may not have experience in Security but have the aptitude and attitude to work in this industry.”

Companies need to get creative with security recruitment

In a recent survey, ESG found that 44 percent of cyber professionals are solicited to consider other jobs at least once per week, while Censornet says 72 percent of security professionals have admitted they have considered leaving their role due to insufficient resources. This adds up a market that is desperate for talent that can and will move to roles of their choice whenever they choose to do so.

“Everyone in the industry is looking for talent and some are even getting highly creative about it,” says Kai Grunwitz, Senior Vice President EMEA, NTT Security. “NTT Security has successfully started several initiatives to attract talent such as open house or recruiting days where candidates can visit our events and have job interviews. We have partnerships with universities and give lectures to students, and to be independent from recruiters and be more flexible, we have our own talent acquisition managers. In addition, we have created a special task force for women in cybersecurity, including our own awards for talented women in the cybersecurity industry.”

A number of companies are looking beyond traditional recruitment to find talent. At a recent Cyber Security Challenge Masterclass hosted at its London HQ, the head of Barclays’ Cyber Security Operations Centre, Paul Gillen, told CSO that events such as the Cyber Challenge, hackathons, capture the flag contests, and other competitions were “incredibly useful” for encouraging people into the industry, as well as a good way to spot up-and-coming talent.

Diversity of thought & good culture key to gaining talent

Given the tight fight for talent, companies need to offer more than just fat pay packets to be seen as an appealing place to work. To achieve this, organisations should strive to instill a security culture that cyber professionals will feel at home in.

“KPMG prides itself on being a high-performing organisation; we want high-performing individuals,” says Mark Parr, CISO at KPMG UK. “We want those that are the very best at whatever it is they do. So, to attract those people, to become that talent magnet, we have to have the right culture.”

As with many companies looking to fill cyber -roles, KPMG is keen to expand the talent pool the company can draw from. As someone who had a long career in Britain’sthe UK armed forces, Parr is understandably keen to help ex-military personnelpersonal into the workforce but also wants people from all areas of life to join.

“Diversity of thought is really valuable, and I want to attract more individuals into information security that have that diversity of thought,” he says. “Not just focusing on females and the BAME community, that is about people with different perspectives, people with different views, and people who come from different backgrounds.”

“We've got a great example right now, a young lady who's joined the organization. She joined KPMG having been a vehicle mechanic in the army, she fixed tanks, she then left the army to become a mother, to have three children, and is now starting to build her career in cyber in our threat intelligence team and is absolutely forging a fantastic career.”

Focus on making staff better to make your company appealing to cyber-pros

Nobody wants to feel like their career is growing stale, especially in an industry as fast-paced and ever-changing as cybersecurity. Unsurprisingly, then, facilitating self-improvement and career advancement is a key part of attracting and retaining talent. According to ESG’s most recent Life of Cybersecurity Professionals report, 20 percent want a mentor or a career coach to help them progress in their career, while providing support to enable career advancement is the biggest factor for determining job satisfaction.

Parr says continual improvement is a key part of KPMG’s work culture to the point where he wants them to be challenging for the role of CISO:. 

“My aspiration is everybody who has a cybersecurity role at KPMG should aspire to take my job. Not just yet, I'm not ready to go just yet. But they should all have a view, even if they have been coming in at the associate level, they should all want my role.”

“I find it really rewarding when I look at some of the individuals that we've brought into the organiszations through things like the AWS re:Sstart program. We've brought some great young talent into the organiszation that are absolutely going to be doing my role in 10-15 years.”

Likewise, BT Security’s Kevin Brown says the company’s investment in continual improvement is one of the reasons it should be appealing for cyber professionals: .

“We offer great development opportunities within our teams, and we have a strategic, long-term programme to develop and promote people internally to support the growth of our security business. We encourage them to develop their capabilities, skills, and certifications, and provide opportunities to enable our people to progress in their careers.”

“BT Security also remains technology agnostic, which offers cyber professionals a platform to continually grow their knowledge and skills across the entire security ecosystem.”

Vodafone is also placing values on having a diverse and appealing workplace for its security staff.

“We value security expertise, curiosity, and passion,” says Vodafone’s Smith. “We foster an environment where people feel they can be themselves, and we believe diversity and inclusion is a basic human right, it’s good for our business and the right thing to do.

“We are aiming to be the best employer for women by 2025. Vodafone is currently in the Times Top 50 Employers for women in 2019 and we have very good gender balance in graduate recruitment (50:50).”

Copyright © 2019 IDG Communications, Inc.

The 10 most powerful cybersecurity companies