Hiring scarce security talent: 8 secrets to working with recruiters

Recruiters can be a valuable resource, especially when you're looking to hire for specialized and in-demand skills. Here's how to make the most of the relationship.

A man looks through a magnifying lens at a group of figurines.
Ivan Balvan / Getty Images

Alex Holden has a problem that plagues most other CISOs: he’s almost always short staffed and looking to hire.

Holden, CISO at Hold Security LLC, says he’s typically looking to fill several positions, due to openings created by both expansion and regular turnover; late last year, he was hiring for eight slots.

“I don’t remember a time when we weren’t looking for information security professionals; looking for talent is an ongoing activity,” Holden says.

Although many CISOs resist using recruiters due to costs and other concerns, Holden says he often turns to recruiters to help him find top candidates. He says recruiters are particularly valuable resources when he’s looking for highly specialized talent or skills that are in exceedingly high demand.

“Unless you’re promoting from within, it’s very difficult to find those people, so we look to recruiters who have connections and more access to the market to bring in those candidates,” Holden says.

The 2019 State of Cybersecurity report from ISACA, an IT governance organization, quantifies the degree of difficulty that many CISOs have hiring, with 58% of respondents saying their organizations have unfilled cybersecurity positions. A third of respondents say it takes six months or more to fill those open positions. Meanwhile, ISACA in its Tech Workforce 2020 Survey that 70% of tech pros would consider changing jobs within the next two years and are considered “in play” for being recruited.

The exceedingly tight market for cybersecurity talent is forcing many CISOs to put more effort into hiring, which is part of what pushes Holden to work with recruiters. Holden, however, says recruiters can offer more value than compiling resumes. He says recruiters, when treated like partners, can help maximize the returns on the investment that he and his company make in hiring while also providing insights into market trends.

Others offer the same observation, but they, like Holden, say CISOs need to cultivate that partnership to get that best value from their recruiters. Here’s what they say it takes to make the most out of working with recruiters.

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022