The challenges of recruiting senior cyber-security experts

Wednesday, January 18, 2017
With the UK government recently announcing that it is putting greater emphasis on cyber-security by spending £1.9bn on protection, the challenges that recruiters face in the cyber sector have just got bigger.
There's no doubt that the pressure is increasing in both the private and public sectors to raise the game on cyber-security. On the corporate front, safeguarding the infrastructure of a company's systems and online presence has become one of the highest priorities. Being able to plan business critical requirements for keeping abreast of new threats and technologies, is the domain of a gifted few strategists worldwide so the statistics say.
This means that the cyber sector skills gap is very large and there's an ever-growing demand for cyber-security talent. Unfortunately, supply of expertise cannot meet the huge demand and the sector will continue to see the skills gap grow. The necessity for cyber professionals is growing at a rate four times faster than the IT sector, with a 68 percent global shortage, according to a survey carried out by Cybrary's 2016 Trends Report.
As far as the UK is concerned at least, until the government begins investing in shortening the cyber skills gap, recruiters like myself must be resourceful, patient and discerning. When it comes to fulfilling the cyber-security personnel requirements of so many companies, from a such a small pool of experts, we must be tenacious.

Finding the right candidate
Making a senior appointment always requires careful planning. Whether it's a new chief security officer, chief financial officer or sales and marketing director, these roles call for shapers and strategists.It demands a more rigorous and structured search strategy. 
In the cyber community, given that there is a limited pool of expertise to choose from, many companies prefer to engage an external consultancy like ours to manage the search process. From our experience, it entails extensive research, tapping into a network of referrals and recommendations, along with a thorough understanding of the client organisation's needs, culture and growth aspirations.
When this foundation has been established, then on the counter-side, we need to approach and negotiate with a well-researched candidate. We are tasked with making these approaches with the appropriate motivations on offer. For this stage of proceedings, we have learned that we need to be creative in our approach, armed with the correct data and able to make an offer in the language that the candidate will respond to positively.
It's also important to consider that professionals at the top of their game may not be considering a change of career, or they know that they are very valued just where they are and prefer to stay there.
Furthermore, they may realise their real value in this tight market and may want to play hard-ball which tests all our skills as negotiators.
Making the approach
This means any approaches must be well tailored and not necessarily conventional. As recruiters, we must differentiate ourselves in the market to find the expertise and talent, talk to them, persuade them to consider an offer when they're in such high demand.
For the Metzger team, that means being professional, honest, transparent and being part of the process from the offer to the change of role. Professionals in the cyber-security sector, know their worth; they work in very absorbed environments in a highly demanding profession, so making the whole experience as worry-free as possible is a substantial part of our job. John Madelin, CEO of Reliance ACSN was one of our candidates and subsequently a client. He reflects on his experience as a Metzger candidate: “The whole process was managed very carefully, without over-selling but striking the right balance between being engaging and unpatronising.”
Not clones, but individuals
Despite some commonalities, not every candidate is the same and each will be persuaded by different factors. A good reward package may be a priority or more professional challenges; different sectors or geographical locations are other persuasive factors. The incentives will always have to be as diverse as the candidates' professional aspirations.
Our team is mindful about seeking the correct motivations, having patience and understanding of what it takes to communicate an offer to someone at the peak of their career. This involves having a very close relationship with the client who is seeking a candidate. Understanding their organisation, business direction, professional and social culture informs the type of offer that they extend.
It isn't a process to be rushed, however it is a negotiation that must be undertaken with consideration, discretion and mutual respect for both parties involved. This is especially relevant if the candidate being approached is already employed by a competitor, which is not that unusual. In this instance, prudence is paramount as negotiations could be more delicate.
There is a common misconception that while negotiating with candidates from highly technical backgrounds, it means evaluating them solely on measurable ‘hard' criteria; qualifications, technical expertise, education and previous job experience.
However, it's important to remember that cultural compatibility between the individual and the hiring company is a significant influence in the success of the proposed partnership. As recruiters, we are the first port of call in assessing that cultural fit. Are the two culturally compatible? Because if the candidate is unable to gel with his new colleagues and work effectively together, all the qualifications in the world won't solve that problem. Quite often these partnerships fail because the human factor doesn't work.

Respect the candidate holistically
Many cyber experts being sought at Board level may still carry the stigma of the ‘tech in the basement'. Unless specified we don't make that assumption and our strategy is to look for the well-rounded professional, rather than just the technician. In many cases, the cyber professional who has progressed throughout their career to director, or higher, in another organisation would have (ideally) a broad range of abilities rather than their specialism alone; interpersonal skills, an understanding of business and financial strategies, corporate governance, marketing and human resources, to name a few.
John Madelin, continues: “Omitting the human factor from the equation is often fatal for a positive outcome. In cyber recruiting, clients are often presented with a long list of candidates' technical accomplishments. However, the trade craft is a by-product of a combination of other aspects that can't can be taught such as:
- good people skills
- good business common sense
- being a completer finisher
- effective communication skills
It is vital to navigate these key components when choosing a candidate. The world has changed; being the socially inept tech expert no longer exists as an acceptable credential anymore. Things have moved on.”
Therefore, top level candidates with replete social and technical profiles should be accorded the respect that reflects their range of experience. The relationship is a two-way street, however. Does the candidate want to contribute to the overall culture and development of the hiring company, or are they just signing up as the high-level security person who takes the blame when anything goes wrong?
Conversely, if the candidate is committed to effecting real change, is the welcoming Board as invested in him or her?
We believe that a successful recruitment model requires investing ourselves in our clients' requirements, building trust, making informed decisions with the help of hard data and empathy for both parties in the negotiation. The human element is a very important part of our role.
Cultivate strong relationships and don't be detached or anonymous. By combining intuitiveness, solid research and understanding both parties' aspirations, finding the right senior expert can be a rewarding undertaking – on both sides. In the end, you want to create a seamless marriage of equals, not invest in a poor imitation of partnership.