It’s no secret that having understaffed teams remains an issue for most cyber security companies year after year. A major factor to this hiring difficulty is the large number of unrealistic job descriptions that are out there. That is why our CEO Kris Rides raised the question recently on LinkedIn hoping to get some sort of clarification from his network of security professionals. The question that was proposed via poll was “What is the main cause of unrealistic cyber security job descriptions.” Within a day, the post quickly began to gain traction and there was plenty of constructive feedback. Over a hundred comments included observations from various hiring managers, including CISOs, and other C level executives of various companies. As for the poll results themselves, 20% referenced a lack of budget as the main reason for unrealistic job descriptions whereas 16% cited a lack of time to upskill and 18% had other reasons in mind. But by far the most popular reason most people voted for was the idea of a unicorn employee which constituted 46% of the votes. Here are a few insightful comments that stood out to us.
CEO at Security Consulting Firm:
“I have trained and mentored people with a degree in history to be excellent CISOs. The reality is that we discount the soft skills and chase unicorns and rainbows instead of being grounded in reality. I can’t even count how many unicorn types I have encountered that failed a basic audit and couldn’t describe cyber fundamentals. My advice? Give a bit less weight to Certs and artificial markers. Focus on the team, the people, and the fundamentals you would with any other position.”
Chief Information Security Officer
“Lack of understanding of what it takes. Often making the role a single position when it needs multiple people. This often is shown as listing the tasks of an entire security team along with the pay level of a junior or mid level position.. hilarious at times.”
“Interesting take… when a company is looking for a clone (regardless of the position), then we will always fall short. It isn’t that we can’t do it, but we’re being held against a standard to which we can never live up to…”
Most of these comments agree that looking for the perfect “unicorn employee” just isn’t realistic. When a company loses someone who is able to do multiple roles chasing after those same qualities in a replacement is often a pointless and frustrating exercise.
With teams being understaffed and under pressure they may lack the time to train new employees and the need for immediate help is what’s resulting in these unrealistic job descriptions. Unfortunately, these unicorn job descriptions result in candidates being discouraged from applying so companies miss out on even seeing potential employees. When both of these effects are working in tandem it is no wonder most cyber security teams are constantly understaffed.
Our advice to hiring managers in this situation is if you have the budget, hire a specialist cyber security staffing company like Tiro Security to search for people with these unique skills but bear in mind even the best agency can’t produce candidates that do not exist. In that case we can at least consult with you to give a realistic expectation of what skills sets are out there in the market and advice on howyou can attract them.
Tiro Security are a specialist Cyber Security staffing and professional services company. Formed in 2012, headquartered on the West Coast and helping clients all over the USA, Cyber Security is ALL we do. Tiro Security is extremely active in the cyber security industry and regularly speaks as experts on staffing, careers and retaining talent at major conferences including DEFCON, ISC2 Congress, ShellCon, BSides and RSA.