DEV Community

Cover image for Recruiting the best cybersecurity talent
Lorena C Silva for Vaultree

Posted on

Recruiting the best cybersecurity talent

Hey Vaultrarians!

Every year cyber attacks are the reason for the loss of billions of dollars. With this whole situation, companies are looking for new ways so users can interact with their products in a safer way. The investment in qualified cybersecurity professionals has become a big discussion in social media and other platforms, after all, how and where to find them?

Recruitment done by managers, People and Culture or third parties present difficulties in finding cybersecurity professionals with the specialties and/or experience needed to fill a role in their companies. Whether it is a recruitment platform, interviews, CV reviews, and other details; the search for a professional can become stressful and a "Russian roulette".

A recent study has shown the number of available jobs in the cybersecurity market, and the individuals able to fill them. In the USA more than 600,000 cybersecurity related jobs are opened every year. And within this estimate, only 68 professionals out of every 100 jobs are able to fill the expectations for the respective roles.

Corporate Standards


It is quite normal that the first judgement is made by a curriculum, even though there are many companies that value experience more than the formal education, not all have this mentality and end up losing great opportunities for a requirement that is not necessary.

General qualifications should be analysed based not only on your academic background but also on the individual's own experiences, such as open-source projects, personal projects, being a monitor student at the university, internships, scientific articles and so on. What defines a good IT professional is the desire to delve deeper into technology and the effort to achieve his/her goals.

Impeccable grades or renowned universities are not everything we need to find a good cybersecurity professional, with several courses, workshops, training, and articles available on the internet it is possible to learn so much more than someone who chose to only do a college degree for a few years and remained focusing only on their teachings without seeking for additional knowledge.

Practical skills are as important as theoretical ones!


With over $30 billion invested in Cryptography companies and startups, the disclosure of this superheated market is more frequent.

Finding the right people for the right job goes beyond looking for a professional profile, on the business side, it is essential to understand that it takes a high investment in professionals who meet your needs.

And if initially this high investment is not possible, it is important to understand that a motivated employee with expectations and goals becomes a better resource to work with. The investment in the team through workshops, corporate trips, courses, and other tools can take your team to the next level. This way the investment in a super specialisation can be postponed for a while longer.

Job description

Naturalising the filtering of candidates is very frequent, however, we should not forget that candidates also filter companies. Culture, job description, payment, and clarity of information are some of the topics that are analysed before the final choice is made.

If the job description has a high demand for some technologies and the candidate does not feel secure enough it may be the point where he/she gives up on trying to apply or keep going with the hiring process.

It is important to emphasise that during the job description elaboration it is necessary to put the essentials and differentials. There are technologies that it is essential that the candidate knows because the contact will be daily, just as there are other technologies that will be used in only a few projects. It is possible that the candidate will be prepared previously to use those technologies.

Who guarantees that the professional is junior level in technology? The last company where he spent 3/4 years and they never promoted him to a higher position? Or the opposite situation: another company where in 3 years the professional became senior? Positions do not define your knowledge, experience does!


Thinking about ways to recruit, some companies use tools to make the process more automated. However, in the technological field, especially in Cybersecurity, one way to fill open positions with qualified professionals is to understand the skills they already have.

The possibility of hiring someone from the cybersecurity niche where they already have extensive experience with all the prerequisites is relatively low. Setting goals and enabling professional development are reasons to further qualify existing talent for the roles the company needs to fill.

A great investment option is courses, workshops, corporate trips, articles, and others. This way, moulding your team to good security practices, even if minimal, will make a big difference in the future. Understand that organisational changes are necessary!

During recruitment, it is possible to develop virtual test environments with some of the main threats and understand how the candidate would solve them. Depending on the profile of the position you can give freedom to send projects, videos, and articles that somehow demonstrate professionalism with security on a daily basis.

Testing and evaluation can include a wide range of threats involving corporate security products used - or not - by the company and IT infrastructure that reflects real-world environments.

The level of the vacancy will be defined by those who are in contact with technology and know what basic level is required, direct conversation between tech recruiters and tech leaders makes it clear what the best range of scenarios is during a test or interview.

A test done well or badly doesn't guarantee that this candidate can't be interesting in the near future, always be clear about the possibility of future roles in the company and give a complete feedback for the candidate so they can understand which topics they need to learn and work on for future opportunities.

Recruiting the best CyberSecurity talent takes a lot of effort. The traditional way doesn't work anymore and understanding this change can help you select candidates that will be the future of your company. The market has many opportunities and very few qualified professionals, standing out from the different proposals will make your team reach the next level faster.

Image description

Want to learn more about cryptography? Know its importance today? Its daily advancement? How about its great potential in the tech scene?

We invited Prof. Dr. Kevin Curran, Professor of Cybersecurity at Ulster University to discuss all hot topics regarding encryption.

Sign up for free and get access to the live discussion, Q&A, networking, and on-demand content.

Discussion (0)