In a competitive market for skilled candidates, Combs suggested it doesn’t hurt to take a dose of reality when it comes to your expectations for hiring. Begin by taking a hard look at your interview process.
“Most organizations have an interview process that is too long, with a lot of redundancy, and it’s low-touch,” Combs said. “They rely so much on technology for applications, but you can’t do that in security. It’s too sterile. If you want to be successful, then you need recruitment with real people who move quickly to communicate.”
Combs suggests testing your interview process so you know what the process is like as an outsider. The timeline should be a consideration, too. Investing time in finding the right person is OK, but it should be reasonable, Combs said.
“As long as you drag your feet, the candidate is going to have other options and ultimately may choose to go elsewhere. And in this market, they can,” Combs said.
We are in a state of deep technical debt in security, and there’s no hiding it. Almost all of the threats our peers were warning management about a decade ago are now the realities we face on a daily basis. Because security wasn’t seen as essential — and because the pipeline wasn’t created in colleges and universities — we’re facing a hiring shortage today. Perhaps most importantly, since no education can prepare a student for the real world, training is our only option to fix the problem.
Only a few organizations can afford to pay the salaries required to hire the top talent in our field. The rest of us need to train people internally and help our new hires develop the skills we need them to have. Using training and promotion as an incentive to hire and retain employees seems to be a logical solution — even if it’s going to take long-term planning to make it effective.
IANS Information Security Forums offer an immersive, two-day experience built around actionable, deep-dive technical and leadership sessions all delivered by our faculty of world-renowned security experts. Join us for sound, unbiased, research-driven advice on the top-of-mind information security threats and organizational concerns facing today’s enterprise security leaders. At an IANS Forum, you can -Attend hands-on, prescriptive roundtable sessions on security technologies and strategy -Hear top industry keynoters share thought-leading insights on information security trends -Connect with industry peers and share best practices in an intimate and confidential setting -Discover emerging technologies with real-world applications in a pressure-free environment