What’s the point in hiring an internal talent acquisition team if you’re going to outsource your recruitment?
It’s a valid question. Internal talent acquisition is a tough job, and a great investment when done well. But can you speak the language of every faction of every department under the organisation’s umbrella? Fluently? That’s too much to ask of anyone, no matter how experienced they are.
Cyber security is no longer a luxury, it’s a necessity. If you don’t invest in your cyber security strategy (which doesn’t just involve your technology, it relies heavily on your cyber security staffing resources), the cost of breaches will far outweigh the cost of an appropriate budget distribution to this area.
So, why should you budget for the cost of using a recruitment consultancy in your hiring plans for cyber security? We’ll explain…
The state of the cyber security workforce
It’s not easy to secure cyber security talent. Cyber security, and recruiting and retaining staff, are the two biggest risks to your business right now. That’s no coincidence.
There is a global shortfall of 3.4 million cybersecurity professionals. If it’s a specific skill set you need, the likelihood you’ll find it through direct recruitment is low.
Sometimes recruitment feels like searching for a needle in a haystack. It can take time and effort. Unfortunately, the situation in cyber security recruitment is worse than this. You can’t find the needles because they’re not there – you’ll struggle just to find the hay. The barn is nearly empty. How do you find the person you need when every organisation, every peer, every competitor, is on the hunt as well? There’s just not enough talent to meet demand, and what you’re looking for isn’t on the market. 43% of respondents in the (ISC)² Cybersecurity Workforce Study (2022) indicated that the reason they have a shortage of cyber security staff in their organisation is due to not being able to find talent. The second most popular reason was staff retention.
If you work closely with a specialist recruitment consultancy, they have access to the talent you’re lacking. Their barns are looking better than most, and they’ve always got a few needles waiting outside, ready to jump in for the right opportunity. Why waste time trying to enter the process by yourself, when you’d save time and resources getting it right first-time around?
Speaking the right language
Do you truly understand what you’re hiring for? What’s the difference between an Application Security Engineer and a SOC Analyst? Do you need resources in incident response or security architecture?
If you’re a Hiring Manager, you’ll know the answers to these questions. However, unless you have a dedicated Internal Recruiter for cyber security professionals, your HR partner probably doesn’t. Everything is teachable, but the likelihood is you need someone, and you need them fast. Having to hold a training session for every role you’re trying to fill is not time or cost effective.
A Recruitment Specialist dedicated to cyber security recruitment will understand your requirements at depth, and grasp this quicker, meaning you can speed up the end-to-end recruitment process. Fewer resources used, less money spent, lower risk to your company through cyber security roles sitting empty.
This will also affect your current staff. Who’s picking up the workload until you’ve got someone to fill the role? Burnout is a very real and current concern in cyber security professionals. Don’t lose more staff in the process of trying to attract new talent.
Advice
Best laid plans.
You might have a clear plan for the team you need to build. However, this doesn’t always match up with the current market.
Recruiters spend their days talking to clients and candidates, like yourself and your prospective talent, about all things cyber security and talent needs. They see what works, they see what doesn’t work.
They understand cyber security requirements within organisations, not just in the present, but also in the future. You might find you’re hit with a curveball further along the line because you hadn’t considered just one small aspect of the cyber security strategy, and the skills you need to recruit for. Recruitment Specialists can help navigate any rocky waters and assist in avoiding any future speed bumps.
A recruitment consultancy does exactly that – they consult. Even if they don’t fill the role this time, having them on board and building a relationship can be more valuable than you first considered.
Network and expertise
As mentioned above, Recruitment Specialists have bigger, more niche networks of the people you will struggle to find. Whether you’re recruiting for a permanent or contract position, chances are you’ll need someone who has the talent at their fingertips, and the skills to bring them in, rather than waiting for it to come to you.
In the current climate, getting to offer stage with a candidate is great, but it’s not plain sailing from there. You need experienced hands to help steer you and the candidate through to completion.
You won’t be the candidate’s only offer, and if you don’t know enough about the cyber security market, what people are being offered, the ins and outs of what cyber security professionals are thinking, you won’t have them in the bag. A cyber security recruitment specialist is the master of this. They’re far more likely to bring it across the line for you than if you go it alone. They can make suggestions based on the current state of the industry, what other organisations are doing, and specifically what that candidate wants and needs; they’ll have got to know them a lot better than if they’d just come to you through your direct recruitment processes.
DIY can be great, but it doesn’t always work out the way you’d planned. When it comes to cyber security staffing, you could save yourself a lot of anguish by forgoing the DIY route, and using the experts from day one.
Ready to talk? Get in touch with Focus on Security, and one of our Recruitment Specialists can start consulting with you straight away.
