INSIDE THE 
NEWS + ADVICE
6 Unique Things About Recruiting for Cleared Cyber Security Positions
Recruiting successful hires can be challenging in any industry, especially in a competitive market where there are more job openings than qualified job seekers. That’s right, we’re talking about cyber security—the field that’s famous for its “talent shortage” tagline.
We all know the market for qualified cyber security talent is tight, but how does that impact you as a recruiter, besides making your job harder? Let’s take a look at some of the ways cleared cyber security recruitment is unique and how to make the most of those differences in your recruitment strategies.
1. A Fast Recruitment Process Is Necessary
Cyber security jobs take 20% longer to fill than other IT jobs, which are already among the hardest-to-fill jobs in the market according to Burning Glass Technologies. Add a security clearance requirement on top of that and you’ve just increased the challenge. However, just because cyber security jobs take longer to fill on average doesn’t mean you should be comfortable with things moving slowly.
The tight market that’s influencing that increased time to fill period is the very thing that should push you to speed up the process where you can. You need to be ready to prioritize your cyber security candidates and move quickly. If you don’t keep them interested and sweep them off their feet, you can be sure your competition will.
Set yourself up for an efficient process from the start by making sure your decision makers are available. If you’ve sourced a terrific candidate but the hiring manager isn’t available for interviews for several weeks, that candidate may move on to the next interested employer. They may even have multiple offers to consider, so speed up your processes wherever possible to keep your candidates engaged.
2. You Need to Network More
Networking is always helpful for building a talent pipeline—but when it comes to cyber security recruitment, it’s essential. Because of the talent shortage in the industry, you can imagine the best candidates are employed somewhere else already. Even worse, you may be trying to find candidates that are familiar with a technology that’s only existed for a relatively short time.
At the rate that technology advances and cyber security tools evolve, you need to constantly refresh and cultivate your talent pipeline. You can’t be passive if you want to find a pool of cyber security candidates that meet all of your contract requirements.
Think about where your target candidates go to get training and keep up with the most recent advances in technology. Consider attending targeted industry meetups, cyber security conferences, and Capture the Flag competitions to find people with the skills you’re after. You can often find the cleared cyber security talent you seek at security conferences in the DC metro area such as BSidesDC and BSidesAugusta.
As you meet cyber security professionals, either at community events or through your application process, remember not to throw back the little fish. Most applicants won’t meet all of your requirements, but they may have the perfect skillset for your next opening. It can be time consuming to build a solid cyber security network, but it will help even the playing field the market has dealt you.
3. Candidates Expect Knowledgeable Recruiters
Cyber security spans many industries as well as many types of security like red team, blue team, white hat, and black hat. You won’t likely have expert knowledge in every cyber security position you recruit for, but educating yourself on the basics and core requirements will help you better communicate with the tech talent you’re trying to hire.
“Between conferences and social media, there is a role for recruiters that goes beyond posting jobs and standing at a booth,” says Kirsten Renner, Senior Director of Recruiting at Novetta, now an Accenture Federal Services company. “As important as those functions are, being a genuine contributor of content to your target audiences is key to meeting talent, even if that is just asking questions and learning!”
Immersing yourself in the cyber security community through events and online forums, not only gives you an opportunity to expand your network of potential candidates, but it also helps you learn how to speak their language and engage them better.
You’ll have more credibility with cyber talent if you know the terminology and have a passing knowledge of the technology and tools. “It’s very important to be knowledgeable when talking to cyber security candidates,” says Jessica Mathias, Director of Talent Acquisition at Core4ce. “They will know immediately if you don’t understand the job for which you’re recruiting them.”
“Do your research, which begins by talking to the Hiring Manager to get a basic understanding of the job,” urges Jessica Mathias. “Follow cybersecurity companies on LinkedIn and read relevant articles and books. There’s a lot of great information at our fingertips. If you want to make yourself stand out – do your homework and be knowledgeable about the job when chatting with a candidate.”
It’s a team effort on both sides of the table. Cyber candidates need to come out of the weeds sometimes and convey their value without too much technical jargon. But the best recruiters will make an effort to meet them half way. Doing your homework to facilitate these conversations will help you find what you’re looking for, while also providing a positive candidate experience.
4. The Stakes Are High for a Good Job Posting
With all the cyber security openings that are available to job seekers, it’s important to take a hard look at your job postings. It’s a fight for talent and you want your job posting to help you win, by at least piquing a candidate’s interest so you can get another chance to sell them on the job.
“Candidates are always talking about how terrible so many of the job posts are out there,” says Kirsten Renner. “We can and do provide them with advice about how to get through and around that obstacle, but it is incumbent upon us, the recruiter – the front line, to look open mindedly at the experience and qualifications on resumes, and be open to discussing how they may align to the requirements, even when not an exact match.”
At minimum, employers need to re-examine what skills are needs versus wants. In cyber security it’s possible for someone to be qualified technically without a degree or formal training. There are many paths to becoming a capable cyber security professional, and not all are traditional.
Too many job postings in the cleared community are simply copied and pasted or pulled straight from the government contract award. While you can’t change the requirements of the job, you do have some flexibility in how you choose to advertise it. So make sure you really boil down the requirements to those that the contract truly requires.
It’s helpful to ask questions about candidates’ home labs or competition experience. You may find a wealth of information in their extracurricular activities if you’re willing to discuss something that may not be immediately apparent on a resume. But before you get the chance to ask such questions, you need that candidate to apply, and not count themselves out because you included unnecessary requirements in the job posting.
You need to build your job postings while keeping in mind the people that actually exist. So do some homework to make sure you’re not asking for five years of experience with a tool that has only existed for a year. Don’t call a position that requires a CISSP “entry-level.” Put some work into your descriptions to ensure you’re not turning coveted candidates off to your position and pushing them towards another.
5. You Need to Really Sell the Job
Don’t miss an opportunity to sell your job. From the job posting language, to each conversation that you have with a candidate, try to stand out. What makes your company unique? Why would a candidate want to work there? Think about the positive aspects of the job and your company that you can sell them on.
What’s the buy in? Will you support their continued education with tuition reimbursement, subsidize technical certifications, or pay for them to go to cyber security conferences? Do you provide time off or travel expenses for those things? Be the driving force that is ready to seal the deal and keep candidates interested.
6. The Salaries Are Competitive
The current state of the market can make it not only difficult to hire cyber talent, but also costly. It’s simple supply and demand—and money talks. If you’re recruiting someone that already has a senior position somewhere else, be prepared for counteroffers.
Often a company’s inability to be decisive with an offer can result in the loss of a great candidate. Be prepared with industry information on salaries, perks, and growth potential. Know the department or contract budget and what leeway there is in salary or benefits negotiation. While salary plays a large part in a candidate’s decision, it’s not everything. So don’t neglect selling them on the other aspects of the job that could be the deciding factor.
Recruiting cleared cyber security professionals is a tall order, but you can be successful if you employ the right tactics. Know the market, understand what your target audience responds to, and keep putting in the work.
