Businesses are having a tough time hiring security professionals, according to new research from Dice.Infosec pros ranked third on the company\u2019s list of the most-challenging talent to hire, just below software developers (No. 1) and Java professionals (No. 2). Adding to a shallow talent pool is an increase in demand for qualified professionals: Dice job postings for security engineer positions are up 22 percent, while network security jobs are up 19 percent.\u201cGartner predicted that global spending on information security would reach $75.4 billion in 2015,\u201d according to Bob Melk, president at Dice. \u201cWith security breaches and information hacks appearing almost daily in the news, it\u2019s clear that companies need to shore up their security practices with the right talent.\u201dBut companies are facing an uphill battle, says Joyce Brocaglia, CEO of recruiting firm Alta Associates. \u201cAnother reason these positions are so hard to fill is because they\u2019ve become so much more complex,\u201d she says. \u201cBusinesses are looking for candidates with a combination of skills that are difficult to find, and the more senior the role, the more difficult it becomes.\u201d[ MORE CAREER ADVICE ON CSO: 5 ways to kickstart your infosec job search in 2016 ]Key to attracting and retaining the best talent, Dice\u2019s report says, is switching the focus from higher salaries to other job satisfaction markers like housing, commute and work\/life balance. Brocaglia, echoes that sentiment.\u201cPeople will always move for significant salary increases, but that\u2019s not what makes them stay,\u201d she says. \u201cThey stay because of their influence in a company, their responsibilities, position in the org chart and the feeling of making a difference,\u201d she says.Acquiring and retaining the best infosec professionals isn\u2019t always a matter of paying the highest salaries, the experts say. Here\u2019s what businesses need to change to gain a competitive edge in the hunt for talent.1. Don\u2019t search too narrowly.Businesses have a penchant for wanting a very specified candidate, which\u2014when qualified resources are scarce already\u2014narrows the talent pool even more. Instead, Brocaglia says, companies should think outside the box and consider candidates who might not be a perfect match.\u201cLook for people who have a broader experience who can apply that knowledge into the information security organization,\u201d she says. \u201cWe are seeing people coming from data analytics and data scientist backgrounds into risk, for example. These people don\u2019t have a very strong technical background, but have the ability to manage projects and to act as a liaison between the technical staff and the business department.\u201dBlake Angove, director of technology services at recruiting company LaSalle Network, advises against looking for perfection in candidates. \u201cYou can\u2019t expect to get 100 percent of your job requirements,\u201d he says. \u201cLook at candidates that meet 75 percent to 80 percent of the criteria, and be willing to invest in that candidate with training and certifications to get then to a place where they can do the job successfully.\u201d2. Consider your technology portfolio.Take a look at your company\u2019s technology landscape\u2014are you running antiquated or out-of-date systems? Is it difficult to get the approval for updates or new software? To attract the best talent, your company needs to be one where they can hone their skills and learn new ones, Angove says.\u201cYou really need to have some of the more modern technology in place,\u201d he says. \u201cIn order to attract the best talent, they need to know that the environment that they\u2019re walking into will be on the bleeding edge, and a place where they can grow their career.\u201d[ ALSO: 8 tips for recruiting cybersecurity talent ]If that doesn\u2019t sound like your company, temper your expectations, he advises. \u201cUnemployment in the security field is less than 1 percent. Everyone is gainfully employed,\u201d he says. \u201cIt\u2019s going to take an attractive offer to make them move.\u201d3. Invest in employees.While higher salaries might convince top talent to make a move, it\u2019s not what makes them stay, Brocaglia says.\u201cIf companies really want to keep their best talent, you don\u2019t do it with salaries,\u201d she says. \u201cYou need to invest in the individual with leadership development and training, by engaging them, advancing them and fulfilling them\u2014through helping them achieve both professional and personal goals. Building that kind of cohesive and loyal team will outstrip anything you can do with salary alone.\u201dEnsuring that your team feels fulfilled is essential to retention, Angove says. \u201cSecurity professionals want to know they\u2019re succeeding and making a difference. Make sure you\u2019re giving them consistent feedback, either internally or from clients,\u201d he says.Other ways to show you care: Pay for continuing education, like certifications. This gives employees the tools they need to move inside the security space, and helps you build talent with the people you already have, he says.4. Sell the job.With unemployment in the security space so low, one overlooked opportunity in the war for talent is during the interview process, Brocaglia says. Too many companies focus on grilling candidates rather than selling them on the opportunity.\u201cComing from that position of fear doesn\u2019t help the corporation that\u2019s hiring,\u201d Brocaglia says. \u201cYou need to sell them on the opportunity\u2014why your company and team is great to work for and what they\u2019ll gain by joining you.\u201dBe wary, too, of the stakeholders you invite to the interview process. Don\u2019t include too many managers or executives to keep the process moving along, and make sure that the ones involved are on the same page with the job\u2019s roles and responsibilities, she says.