How to Build and Retain Your Cybersecurity A-Team

Hiring and retaining the right talent is no mean feat for any business, and it is even less straightforward when it comes to cybersecurity. Like most markets across the world, the UK has for years faced a serious cyber-skills shortage. In fact, a recent study by the UK’s Department for Digital, Culture, Media & Sport revealed that a staggering 50% of private sector businesses had basic technical cybersecurity skills gaps within their organizations.

The problem is so acute that even the cyber sector has a shortage of skilled talent. In the same survey, 47% of cybersecurity firms admitted facing problems with technical cybersecurity skills gaps in the past 12 months, either among existing staff (18%) or new job applicants (40%). Organizations must immediately identify, train and retain more cybersecurity talent. What’s not so clear is how to answer the obvious next question: what’s the best way to build and retain skilled cybersecurity teams? 

Of course, the response depends on the position that needs filling. Over time, the volume and variety of cybersecurity roles have grown immensely, from traditional analysts to threat hunters, architects, incident responders and more. 

This growth in cyber roles requires organizations to first identify the specific role/s that need filling and then inventory the critical responsibilities involved and the skills required to complete them. While large businesses may have the recruitment firepower and budget to fill every specialist role individually, smaller organizations likely want people covering multiple roles/specialties. 

There are numerous approaches to the next task, finding suitable candidates, and some are easier and more cost-effective than others. The following tips should help:

Wherever Possible, Source Candidates Internally

Any business should first look within its own ranks to find potential candidates. It’s usually far more cost-effective to fill positions internally because someone already familiar with the company culture, structure and people will hit the ground running more quickly than most new hires. This lets organizations focus training on particular skills and certifications required rather than spending time on basic business orientation. 

Incentivize Existing Employees to Refer Potential Candidates

If it’s not possible to fill vacancies from within, the next best option is to get recommendations and referrals from colleagues, employees and peers within the industry. Incentivized referral schemes offer a great way to quickly identify potential candidates with the necessary skills and experience, without jumping through numerous unnecessary hoops with recruiters.

Be as Detailed as Possible in External Adverts

If the first two options above fail to unearth suitable candidates, the next step is to advertise externally. When doing so, be as detailed as possible about the roles and responsibilities the position entails. The more specific the advert, the more it will (hopefully) minimize the number of unsuitable applications. 

During the interview stage, it’s also crucial to assess attitude and personality as well as skills and experience. While it’s fairly easy to round out someone’s skill set through training, it’s much harder to fix a bad attitude or poor work ethic. Running theoretical scenarios or problem-solving tests with the final few candidates can help ensure you pick the right person for the job.

Remember, Culture Plays a Crucial Role in Retaining Talent 

Identifying and hiring new talent is only half of the challenge in the current cybersecurity landscape – you also have to retain them. Unfortunately, there’s always another organization out there trying to headhunt your best employees out from under you. 

One of the best deterrents for this is building a team/company culture that employees genuinely embrace, making them harder to lure away. Policies that promote work-life balance and offer solid benefits are critical to this, as is creating a collaborative atmosphere within the team that celebrates and rewards success. 

Management also plays a central role in an organization’s talent retention. As the old adage says, people don’t quit jobs; they quit bosses. By fostering a positive and respectful environment, and especially by understanding that employees are developing their career paths just as you are, managers can make retention a lot easier.

With the global cybersecurity skills shortage showing no sign of abating, the task of identifying, recruiting and retaining talented employees is harder than ever. Solving the problem isn’t rocket science, but it does take a level of work and commitment that a surprising number of organizations still aren’t willing to make. For those that are, the rewards will be quick to materialize. 
