Even though 85% of cybersecurity professionals would consider new job opportunities, it’s getting harder for employers to attract and retain qualified candidates. There just aren’t enough experienced cybersecurity workers to hire, and those already employed are constantly being wooed by recruiters.
Only 15% of currently employed cybersecurity workers are planning to stay put, according to recently completed (ISC)2 research. Among the rest, 14% are actively looking for a new job and 75% are open to opportunities. This means we will likely see a hubbub of activity in the cybersecurity job market throughout 2018.
Employers face an uphill battle. You not only have to try to find skilled candidates in a very limited pool, but also do whatever you can within reason to retain your current cybersecurity workers. Success on both fronts requires a deep understanding of what’s important to cybersecurity workers. What are they looking for in an employer? And what does it take to keep them happy?
What They Value
The study offers valuable clues about what matters to cybersecurity professionals. It’s clear they aren’t motivated by salary, but then they don’t need to be. Since demand for their services is so high, attractive compensation is a given. But what they really value comes through loud and clear in the research:
- They want to be heard, with 68% of respondents saying they want the C-suite to take their security views seriously.
- 62% prefer a company with well-defined ownership of cybersecurity responsibilities.
- 59% view employee cybersecurity training and investments in emerging security technologies as priorities.
Cybersecurity professionals also don’t want to be evaluated by managers on whether they stop a breach. Rather, they believe these criteria are more relevant:
- How quickly they respond to a breach
- How efficiently they handle remediation
- Employee awareness levels
Understanding the mindset of cybersecurity workers is critical to the success of any recruiting effort. Cybersecurity pros are very attuned to the needs and demands of their work, and they look for clues in job descriptions about whether the employer understands cybersecurity. Descriptions that are too vague or demand too much get a pass.
Employers need to get this right because recruiters contact these folks constantly. Almost half (46%) of them are contacted weekly by recruiters, even if they aren’t looking for a job. Nearly a third (31%) of those in an active job search are contacted weekly.
For many, overtures from recruiters happen daily; one out of five (21%) study participants receive at least one recruiting contact daily. And 38% of those actively seeking new employment are contacted multiple times each day.
Despite the huge challenge employers face, there is a silver lining: More than half of cybersecurity jobseekers (54%) are willing to work where a breach has already occurred – an indication they’re confident in their ability to help organizations improve their security.
That’s good for employers to know. Just remember to be upfront about your security situation and show you’re willing to listen to new ideas. Get this right, and the likelihood of attracting a skilled, experienced cybersecurity professional is much higher.