There has been a lot of writing about the cybersecurity skills gap that challenges enterprises and government agencies.
I’ve certainly written my share on the subject, including this post of mine from about a year ago, 5 Cybersecurity Gaps That Spell Opportunity In 2016.
However, not everyone agrees that there is a dearth of cybersecurity talent. And a recent hiring event hosted by the Department of Homeland Security (DHS) seemed to dispel some of the myths around it.
In an after-action review of the event, Angela Bailey, chief human capital officer at DHS, shared several lessons the agency gained from the hiring effort. Her observations should be useful to those in the public sector, and to business, as well.
Bailey cited, and dispelled, three hiring myths stemming from this event:
Myth 1: DHS does not have enough flexibility to effectively hire for mission-critical positions. Bailey credited the government-wide direct-hire authority for IT (security) professionals with the success of the event. The agency was able to “hire folks who walked in the door with key skills,” she said.
Myth 2: There is not a lot of cyber talent available for hire. According to Bailey, “over 14,000 people applied for our positions, with over 2,000 walking in the door. And while not all of them were qualified, we continue to this day to hire from the wealth of talent made available as a result of our hiring event.”
Myth 3: You cannot hire people “on the spot.” Bailey said that by having hiring managers, HR specialists and personnel security specialists together at the event, they were able to make about 150 job offers within two days. “Close to 430 job offers have been made in total, with an original goal of filling around 350 positions,” she said.
According to Bailey’s post (which is certainly worth the read) the most important thing organizations should do is, well, simply do it.
“The most important step is the first: set the date. Within two months, we executed an agency-wide hiring event with over 14,000 applicants and over 2,000 walk-ins. By the end of the day, we interviewed over 800 candidates and made close to 150 tentative job offers. The amount of talent available to hire was so great, we stayed well into the night interviewing potential employees,” she wrote.
“While we accomplished all of this in only two months thanks to the dedication of our teams, I would recommend giving yourself six months to plan such an event. Again though, acting collaboratively, deliberately, and quickly with a can-do attitude is the best lesson learned from our experience at the DHS,” Bailey continued.
This is certainly heartening news, as most every conversation I’ve had with CISOs is that they have a very challenging time finding the cybersecurity talent they need.
However, cybersecurity jobseekers – many with decades of experience – tell me that corporations don’t set realistic hiring standards, don’t know how to vet cybersecurity talent and often offer salaries that align more with IT admins than cybersecurity professionals.
Perhaps there is more truth to that than many enterprises wish to admit.