The New Cyber Talent Experience

If your ideal cybersecurity professional described themselves on LinkedIn, they might say this:

As an early adopter of new technologies, my passion for technology fuels my curiosity to solve complex problems. I am a systems thinker with confidence in my ability to put things together and learn new techniques while using my competitive nature to fuel my work as well as engage in office competitions. As a natural problem solver and abstract thinker, I tend to look “outside the box” and evaluate challenges from many different angles and perspectives before acting.

Sounds like anyone’s perfect employee, right? But when Booz Allen surveyed 250 senior IT decision makers about today’s cyber workforce, 83% said they have open positions to fill and 72% said it’s a challenge to identify and hire the new types of skillsets such as advanced threat hunters and malware reverse engineers. For years, research has shown that there’s a cyber talent shortage and industry demand is only continuing to grow at a rapid pace. 

Human capital leaders—particularly in government agencies that are experiencing heavy competition for cyber jobs—must throw out the traditional play book when it comes to cyber talent. Gone are the days when college degrees dictated recruiting decisions, or compensation alone could attract or keep employees satisfied. Throughout the employee lifecycle, here are ways to design an out-of-the-box employee experience to cater to today’s unique cyber professional:

1.  Seek out and reward problem solvers. From the earliest interaction, try offering applicants an on-the-spot challenge while testing their ability to solve problems using scenario-based challenges. Throughout their careers, capitalize on employees’ problem-solving skills by allowing them to be a part of strategy, offense, and defense and by fostering a culture that encourages every level of employee to suggest solutions and ideas. Reward these employees for thinking offensively (e.g., manage risk) rather than defensively (e.g., be compliant). Provide them with constantly changing tasks with different levels of difficulty, and present opportunities to work with emerging technologies.

2.  Recognize and foster subsets within the cyber subset. Placing two cybersecurity resumes side-by-side can sometimes feel like you are comparing an apple to an orange. Cyber professionals have a variety of experiences; some may have an educational background in cyber while other may have certifications which are a proxy for proficiency. While it may seem appealing for cyber professionals to be ‘cyber warriors,’ or experts in all areas of cyber, your cyber employees’ diverse backgrounds more likely match the diversity of the cybersecurity field. Recognizing the strength of this diversity can become one of your more powerful weapons.

Booz Allen has found it is much more likely that your organization’s cyber workforce will be composed of three categories with many subsets in each:

• Senior leadership, a rare breed of combined cyber expertise, experience, and leadership who can manage teams and operations;
• Specialized experts, who have deep know-how within a specific group of cybersecurity capabilities, and who often are the center of the cyber talent war; and
• Generalist staff, who are early in their cyber careers or who have chosen a broad role, making them equally high in demand but usually part of a slightly larger supply pool.

3.  Encourage build-your-own career pathing. For most of your organization, established career paths will map to career progression through linear lines of technical experience or managerial ranks. But attracting and retaining cyber professionals requires alternative pathways that reflect the diversity of positions within the field and the innate curiosity of practitioners. For cybersecurity employees, try providing a non-linear career path—one that can be horizontal, vertical, and diagonal. Show cybersecurity professionals a set of attributes that describe how to move forward using their experience, unconventional education, and industry certification. This provides your cyber professionals with flexibility to put the pieces together on their own while using defined career progression opportunities, while increasing your ability as an employer to recruit talent who want to grow with your organization. It also supports cross-training and creates a built-in surge capacity for your cyber teams.

As cyber threats evolve, organizations can stay ahead by recognizing that cyber talent doesn’t fit the traditional mold associated with some other technology jobs. With many human capital, IT and cyber leaders all worried about filling jobs, it’s the recognition that cyber talent is unique which can propel those organizations ahead in developing a competitive and desirable workplace for cyber professionals.

With a focus on “new collar” workers, instead of a prescribed set of requirements, traditional hiring environments such as in federal agencies can benefit from a new pipeline of talent and prepare for emerging security threats that only this unique workforce can tackle.