INSIDE THE 
NEWS + ADVICE
15 Major Companies Adopt New Recruiting Strategy
Exciting changes are currently taking place in the recruitment space, as 15 major employers commit to build a stronger cyber security workforce pipeline. This new effort spearheaded by the Aspen Cybersecurity Group looks to address our nation’s shortage of needed cyber security professionals, through improved job descriptions and reduced hiring bars. This initiative is a step towards a future in which our community is rid of unnecessary barriers that make it difficult for employers to hire the talent they need.
In the current state of the cyber security market, time to fill is high and it often seems like there just isn’t enough talent in the pool to successfully recruit from. In fact, cyber job postings have grown 94% since 20131. But the number of qualified job seekers in the field hasn’t caught up with demand, and businesses and government agencies struggle to fill cyber security roles. However, cyber adversaries aren’t waiting for us to catch up. The ability to secure and defend is critical to our national security and has far reaching implications for us all. Aspen Cybersecurity Group’s plan to trim job posting requirements and build a stronger workforce is not only nice, it’s necessary.
Employers including Apple, Google, IBM, Northrop Grumman, and many more, have committed to help lead the way. Here’s what they plan to do and how you can follow suit:
1. Widen the Pipeline
These companies aim to expand their recruitment focus beyond professionals with bachelor’s degrees. Currently, “over 80% of cybersecurity job openings request at least a bachelor’s degree2” or three or more years of experience. But job requirements such as four-year degrees can “disqualify more than 50% of applicants.3”
Keep in mind that not every cyber security professional takes the same path to their career. And lack of a formal degree does not immediately discount a candidate’s abilities or real world experiences. For example, IT roles are more closely aligned than you might imagine, as many include cyber security functions or tasks. When paired with extracurricular experiences from home labs, competitions, or certifications, you might find a qualified candidate that would previously be overlooked because of barriers to entry in the form of degree requirements or a specific background.
We can further widen the pool by writing job descriptions with non-gender biased language to appeal to more diverse applicants3. Research indicates that unconscious bias is readily evident in postings, which can deter female candidates from applying. By rethinking commonly used language and focusing on more gender-neutral wording your company can better attract a more diverse group of candidates.
2. Improve Job Postings
These 15 employers have also committed to create engaging job postings that focus on core requirements, while trimming those that are unnecessary. “Many organizations are leaving large pools of skilled candidates untapped, in part because of overly complex job requirements.3” So exercise some restraint when listing qualifications in your job postings. And limit your must haves to those that are truly musts.
While you can’t change job requirements awarded from government contracts in the cleared community, you do have some flexibility in the way you choose to advertise them. And as efforts like this gain momentum, hopefully we’ll see changes from the top down, as government agencies face many of the same obstacles.
You can list skills that are nice to have but make it clear that they’re not required. Otherwise you risk limiting your pool of applicants. For example, data on CyberSeek.org shows that there are 112,428 job openings requesting CISSP certification and only 84,802 people that actually hold that certification. If it’s not a necessary requirement, consider removing it from your job postings, as qualifying candidates are scarce in proportion, and also come with a salary premium—another effect of supply and demand.
Naturally, we can’t cut all requirements, cross our fingers, and hope qualified candidates suddenly emerge. Employers will need to evaluate which requirements remain essential and also how they can train existing employees to close skill gaps and move into hard to fill positions.
3. Create Accessible Career Paths
The final commitment is to make career paths transparent and accessible. The Aspen Cybersecurity Group notes that models like the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework can be referenced to help employers accomplish this goal. In particular, “Verizon is widening the talent aperture through targeted recruitment of underrepresented minorities, using the NICE Workforce Framework to simplify and tailor job description, and aligning internal training to the NICE Framework.3”
If employers have a clear model or path outlining the tasks involved and skills needed for a particular position, they can better identify and train talent accordingly. Making career paths transparent can also aid retention in the long run. Professionals want career paths and progression, which often leads to job search at other companies. However, if they can work towards that progression in their current place of employment why not stay? While it’s easy to set our sights solely on recruitment initiatives, don’t neglect retaining the talent you’ve already secured.
Looking Towards the Future
Workforce shortages are intimidating, but it’s vital that we face the challenge together and work to remove the barriers that impede our way. The 15 companies committed to this effort are commendable for trying to move the marker towards a more inclusive workforce.
