How to Hire Cybersecurity Professionals

By John Egan August 21, 2023

​The White House recently kicked off an initiative aimed at bulking up the nation's cybersecurity workforce. And a boost is needed: An estimated 750,000 cybersecurity jobs in the U.S. are vacant, and demand for cybersecurity workers is expected to grow 35 percent from 2021 to 2031.

Jason Wise, chief editor of technology news website EarthWeb, said that with the National Cyber Workforce and Education Strategy now in place, "the onus is on employers to seize the momentum."

So, how can employers—namely their HR professionals and hiring managers—do so? It's a question without a simple answer. After all, a 2022 report from Fortinet, a provider of cybersecurity training and related services, indicates that 60 percent  of organizations struggle to recruit cybersecurity workers and 52 percent struggle to retain them.

"Hiring and retaining talent can often feel like an uphill battle, but there are a number of things that leaders can be doing to make more strides in this area," said Rob Rashotte, vice president of global training & technical field enablement at Fortinet.

Rashotte and other experts outline four things that employers can do to build their cybersecurity workforces.

1. Boost Training

As part of the new national strategy, SHRM is offering free training to help HR professionals recruit, nurture and retain cybersecurity talent. At least 15,000 HR professionals are expected to enroll in the training program.

Beyond that, employers should institute in-house training and upskilling programs, Rashotte recommended. "Upskilling offers pathways for existing employees who aren't currently working in cybersecurity to gain valuable skills they can apply for a job in cybersecurity," he said.

Employers that are committed to ongoing training stand a better chance of retaining cybersecurity talent than other employers do, experts say. The White House strategy calls for equipping every American with "foundational" skills in cybersecurity.

Frank Gartland, chief product and technology officer at IT training company Skillable, emphasized that cybersecurity training is more complex and hands-on than traditional workplace training.

"To build the skills needed to mitigate increasingly complex and intelligent cyberattacks, you need an element of practical learning that mirrors the real-world threats someone will face," Gartland said.

2. Look Beyond Traditional Talent Pools

Rashotte suggests seeking cybersecurity talent among the ranks of two sometimes-overlooked pools of candidates—military veterans and workforce newbies.

Veterans often possess skills, such as leadership and communication, that transfer nicely to cybersecurity, Rashotte said.

Wil Bennett is vice president and chief information security officer at USAA, a financial services provider that caters to military members, veterans and their families. He said the company has enjoyed success in recruiting military veterans for cybersecurity roles.

"Veterans work great under pressure, and they have situational awareness and oftentimes experience with analytics," Bennett said. "Veterans typically have broad exposure to information technologies and quickly adapt to new roles in the civilian space."

Rashotte also recommends tapping into the droves of newly minted graduates who hold cybersecurity degrees. To attract these grads, he advocates the creation of cybersecurity internships and apprenticeships.

As part of the White House rollout of the national strategy, cybersecurity company Trellix announced plans to hire 300 cybersecurity interns over the next two years.

"Cybersecurity has become everyone's issue and, as a result, responsibility," said Michael Alicea, chief human resources officer at Trellix. "No longer is it a focus limited to specific industries or to a few specialized roles within an organization."

Aside from internships and apprenticeships, Alicea thinks the U.S. should drum up interest in cybersecurity careers by introducing these opportunities to children at an early age, boosting the number of cybersecurity scholarships and carving out paths for midcareer switches to cybersecurity.

3. Zero In On Diversity and Inclusion

Like many organizations are doing these days, employers seeking to fill cybersecurity jobs should incorporate diversity and inclusion into their hiring plans, experts say.

"Casting a wide net will be important, so the focus on diversity and inclusion will be critical," said Aaron Turner, chief technology officer for software-as-a-service (SaaS) at Vectra, which operates an AI-powered platform designed to thwart cybersecurity threats. "The cybersecurity genius of the future could be in some small rural town or disadvantaged urban neighborhood."

Along those lines, Rashotte stresses the need to ramp up the number of women working in the cybersecurity industry. In the federal government, for instance, women comprised 25 percent of the cybersecurity workforce in 2020, compared with 43 percent of the governmentwide workforce.

Wise believes diversity and inclusion "are not just buzzwords but strategic imperatives" in the cybersecurity sector.

"A diverse workforce brings a myriad of perspectives, fostering innovative problem-solving," he said. "Employers should ensure their recruitment strategies are inclusive, reaching out to underrepresented communities and making cybersecurity roles more accessible to them."

4. Embrace Cybersecurity Professionals

Chris Brown, founder and CEO of cybersecurity coaching firm New Cyber Executive, said cybersecurity professionals should feel as though they're part of a broad-based team rather than being relegated to silos.

Employers should create opportunities for these professionals to connect and collaborate with colleagues working in a variety of disciplines, Brown said. In addition, cybersecurity employees should be recognized by both tech and non-tech workers for their contributions to the organization.

Cybersecurity professionals "should also be offered a little space to experiment," Brown said. "Like many tech people, cyber professionals like to learn by doing and to continually optimize solutions. Give them room to do this, even just a little, in terms of time and resources."

Kyile Stair, chief people officer at training provider Litmos, said investing in the learning and development of cybersecurity workers aligns with the White House strategy and the industry's growth plans. By following the strategy's principles, she said, "employers can create an environment that attracts, nurtures and retains valuable cybersecurity talent."

John Egan is a freelance writer based in Austin, Texas.



Hire the best HR talent or advance your own career.

Discover what’s trending in HR

Search and download FREE white papers from industry experts.

Search and download FREE white papers from industry experts.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.