Hiring managers, HR people, and CISOs in all industries often say that recruiting cybersecurity professionals is really difficult. Where do you find good job candidates? There are a wide variety of offensive, defensive, and administrative roles in cybersecurity-- from malware researchers to pentesters, from SOC analysts to application security specialists. Why do companies find cybersecurity hiring to be difficult? Here are some anecdotes I’ve found on the web.
Alpine Security CEO Christian Espinosa:
“Why do we require a four-year degree in this industry? Most people assume that a four-year degree equals at least proficiency, if not mastery, of a subject. However, in my experience, this is not usually the case with cybersecurity students.
Yes, a degree shows that a candidate paid a lot of money and spent a lot of time laboring over a particular subject. But does that mean they have the intelligence, aptitude or skill level to do the job well? I would say no.”
Ntirety CEO Emil Sayegh:
“The overall talent market has a noticeable shortage of advanced cybersecurity skills, and there are not enough resources across the board. It is an arduous task to find an experienced Security Analyst, Threat Researcher, Security Architect, Security Analyst or a Cloud Security Architect; it will typically take several months of searching and investment to fill positions like these.
On top of specializations, businesses must defend against threats in real-time, so they should recruit for a 24x7x365 cybersecurity team – adding a layer of difficulty to the hiring process.”
Bleuwire’s Robert Cepero:
“The cybersecurity field is also tougher when compared to other IT fields. Candidates need to learn a lot of things. They need to spend a lot of time testing and analyzing systems. The entry-level requirements are also very high. This is mostly due to the bad hiring practices. Companies are always finding the perfect fit for their business. They don’t want to give chances to new employees. Due to this, there are very few candidates who can meet your requirement...
You can ask for a formal degree in the cybersecurity field from the applicant. However, some candidates have the same talent without any degree. They might have done some Bootcamp for learning about IT security. There are hundreds of resources available on the internet. If someone is serious, then they can learn most of the things online. Thus, you should ensure that your requirements are simple.”
It’s time to rethink your methodologies when it comes to hiring cybersecurity talent with proven skills. People can learn a lot about IT from universities and colleges, but a degree is no guarantee of competence and shouldn’t always be a hard requirement for a job applicant. There are also a plethora of organizations which offer hundreds of different cybersecurity certifications. Applicants often have no idea which certifications are worth their money, time, and effort.
The most reliable way to assure that job applicants have the right skills is to see what they’ve actually done.
This is where Hack The Box comes in. As of November 2021, over 800,000 people worldwide are cybersecurity training with our platform and hacking content. That includes our Hacking Labs, Pro Labs, and HTB Academy. Everyone who trains with Hack The Box has a profile of their accomplishments in our labs and Academy modules. With a talent pool of hundreds of thousands of students and reviewable skills performance metrics, Hack The Box offers perhaps the best source of cyber talent anywhere.
Here’s an example of the skills metrics you can view from any user profile in Hack The Box’s app. (Thank you r0adrunn3r, our Senior Community Manager!)
HTB’s Talent Search is built with a variety of features which empower businesses and organizations to find the exact cybersecurity talent you’re looking for.
Your job postings can be viewable and searchable by the entire Hack The Box Community, and you can specify which rank you’re looking for, for which role.
Filter HTB members by rank and location to find the right skill level in your area.
Your Company Mini-Page can be customized with your business’s logo and all of your open job positions. Job seekers often want to see all the job opportunities at your particular company.
Deploy Assessment Labs! Submit your own vulnerable virtual machine for job applicants to try to hack. If your company is looking to add to your red team, this can be a great way to test hacking skills that are specific to your organization’s machines, software, and networks.
Akerva’s Lyderic LeFebvre:
“Hack The Box Talent Search is a great tool and platform to find, locate, and assess cybersecurity professionals. What’s more, we are able to assess our candidate through our Fortress Lab (a custom Assessment Lab), which was developed by us and the HTB team, which was very knowledgeable and helpful.”
Synack’s Andre Gerard:
“Through the Synack Red Team track, CTF challenges, and analytics features on Hack The Box, Synack is able to attract and qualify talented cybersecurity professionals at scale into our recruitment funnel. Better candidates lead to faster onboarding experiences, reductions in operational overhead, quicker first payouts to researchers and ultimately better value for our customers. All these factors are important when growing the world’s leading crowdsourced security platform.”