Navigating the Cybersecurity Skills Gap

By Jeffrey Weber on October 14, 2022 at 1:30am

By Jeffrey Weber, Executive Director, Robert Half

Almost every company is a technology company to some degree. That means pretty much every company needs people with cybersecurity expertise. This puts those professionals in very high demand. However, the job market is suffering from a cybersecurity talent shortage, making hiring for these roles, such as security architect, network security engineer and data security analyst, all the more urgent.

Everything from cloud services to remote employees represents a potential entry point for unauthorized access to company data. And as such opportunities grow, the global costs of cybercrime rise — now rising to trillions of dollars. So it’s no surprise that organizations are scrambling to recruit cybersecurity talent.

A Robert Half survey found that 43% of technology managers plan to hire security, privacy and compliance talent by the end of the year. The problem? Almost one-third of the same group (29%) said finding professionals with cybersecurity skills is their biggest hiring challenge. Research by CyberSeek, which gathers data about supply and demand in the cybersecurity job market, backs up these findings. It found that, on average, cybersecurity roles take 21% longer to hire for than other IT jobs.

4 tips for recruiting and retaining cybersecurity talent

Clearly, many companies are struggling to find the cybersecurity talent they need and close the cybersecurity skills gap in their organization. But by following these four hiring and retention strategies, you can help give yourself an edge.

Hire for potential, not credentials

Are you evaluating candidates based on a list of (what you regard as) must-have credentials? Will you even consider applicants who don’t have an entry-level certification like CompTIA Security+ prominently displayed on their LinkedIn profile?

While it’s true that some credentials, such as Certified Information Systems Security Professional (CISSP), are genuine markers of an applicant’s cybersecurity expertise, savvy employers recognize that it’s just as important to hire for experience and soft skills. You can train new employees on the job for many cybersecurity skills and tools. Drive, determination, time management, adaptability and a genuine passion for the industry? Not so much.

Considering that, it might be a mistake to pack your job postings with an extensive list of necessary skills and experience and potentially deter otherwise strong candidates. Start with a handful of must-have qualifications and place the rest under a nice-to-have header. Emphasize that entry-level roles are open to entry-level candidates (this should be obvious, but not all job posts make it clear) and that interest in the field and a learning mindset are most important.

Also, consider job seekers who’ve taken a less conventional path to their skills. In this, you’ll be following the lead of 89% of IT leaders who said they’re willing to hire candidates from technical training programs, such as AWS apprenticeships, rather than those with more traditional education.

Explore new talent pools

The stereotype of shadowy figures in hoodies beating back cyberattacks hasn’t helped broaden the appeal of the security sector. However, while the field continues to be male-dominated (fewer than one in four cybersecurity professionals are women), fostering greater gender diversity is among the new trends in the field.

To build more diverse talent pipelines, strip your job posts of gendered language. Don’t talk about attacks and warfare. You’re not looking for ninjas or warriors. Remember, too, that people from underrepresented groups may have lacked access to educational resources through no fault of their own — another reason to downplay the importance of standard credentials and certificates.

Pay well and be flexible

Starting salaries for cybersecurity professionals are rising as vacancies outpace the number of available candidates. To help combat the cybersecurity talent shortage, one-third of technology leaders said they’re willing to offer a higher salary to contend for top security, privacy and compliance talent, so your offer should be competitive.

And it pays to think beyond starting salary. Research for Robert Half’s latest Salary Guide found that remote work options have become a key differentiator when recruiting: 74% of technology hiring managers said their department offers them, and 86% said this strategy helped them hire top candidates.

For their part, workers named flexible schedules, remote work options and stipends for home offices as their three most-wanted perks. Bottom line? Even if you can’t match your competitors on starting salaries, you can give yourself a chance by accommodating candidates’ preferred work arrangements.

Also, be flexible about the type of talent you hire to address your cybersecurity skills gap. Facing shortages of candidates for permanent roles, 79% of tech managers are turning to contract professionals to support their teams, and 72% plan to use more interim workers in the next year.

Prioritize upskilling and professional development

Hiring top talent is one thing. To improve your company’s security, privacy and compliance performance over the medium and long term, you also need to retain these employees.

According to our research for the Salary Guide, more than one-third of tech managers are promoting employees from within to keep top performers challenged and satisfied in their work. This kind of internal mobility goes hand-in-hand with strong retention rates, as does investing in upskilling and professional development programs. Some options include:

  • Participating in upskilling programs offered by third parties or technology companies like Microsoft, AWS and Oracle
  • Subsidizing costs for IT certifications and training
  • Identifying common upskilling needs for entry-level talent and building internal programs to meet those needs

Listen before you leap. Ask employees about their career goals, and use this information to build upskilling initiatives that add value to your operations and increase employee morale and engagement.

Cybersecurity is a huge deal — and the need for it gets bigger every year. Your company’s success may hinge on your ability to protect the data of your employees, customers, clients and investors. Given that, it makes sense to go the extra mile to secure and retain the cybersecurity talent that can help you close the cybersecurity skills gap and safeguard your future.

Need help hiring skilled cybersecurity professionals for your business? Contact Robert Half’s technology staffing specialists.

Cybersecurity Skills Are in Demand; infographic with results from Robert Half survey about technology managers' hiring plans and strategies.

Cybersecurity Skills are in Demand

According to a survey of technology managers by Robert Half:

43% of technology managers plan to hire security professionals by the end of 2022.
33% are willing to offer a higher salary to compete for security talent.

Get all the numbers worth knowing at

Source: Robert Half survey of more than 230 hiring managers in technology in the U.S.

© 2022 Robert Half International Inc. An Equal Opportunity Employer M/F/Disability/Veterans. RH-0922

More From the Blog...