What Drives Cyber Recruitment?
Working as a recruitment consultant within Information Security gives me the pleasure of speaking to numerous professionals in the industry on a daily basis. When working with hiring managers to fill the roles they are recruiting for, a crucial aspect of understanding the requirement is really knowing what is driving their need to recruit and therefore the consequences of not securing the required skills.
“What is the reason the business needs this skill set” is a question I will always ask. It could be that someone on the team has left, but then why were those skills needed in the first place and what is the end goal when hiring cyber professionals.
Yes, it is true that the underlying driving force is the growing threat of cyber-crime, but the trigger for actually recruiting people seems to differ from company to company.
For SMEs, I have often found it to be the case that they are becoming aware of the growing threat. They hear about cyber-attacks in the news and are beginning to want to understand how at risk they are. This often leads to the recruitment of skilled advisory professionals, commonly contractors, who can tell the business where they stand against cyber-crime, and educate them on the threats they are at risk to. A strategy and road map will often be put in place, and should the stakeholders buy in to it, an internal team may be developed to run the cyber transformation project, or it could be outsourced.
For larger businesses and multinationals, there tends to be a more of an understanding that their business needs to be protected. I have had CISOs / CIOs say that they don’t want to find themselves in the TalkTalk / Target, and more recently, Yahoo! situation, and that is driving their need to recruit professionals that can work to protect their business and identify attacks and breaches.
Regulation in an industry is always a driving force behind recruitment. Companies looking to reach and maintain PCI / ISO… standards need the skills to get them there. With the GDPR on the horizon, thankfully, businesses are starting to talk about this and are looking to hire the people that can ensure compliance.
The specific need for cyber recruitment of a skill set will vary all the time, from business to business and from situation to situation. Understanding this however is a crucial to truly understanding the requirement.
It would be interesting to hear what the real drivers have been behind any skills you have hired, what a business would hope to achieve by hiring these skills, and what the consequences would be of not finding them…