Blog

#ISC2Congress: Recruiter: COVID Had a Minimal Impact on the Cybersecurity Job Market

Nov 18, 2020

The COVID-19 pandemic delivered a serious blow to the global economy, but plenty of job opportunities remain in the cybersecurity field, according to Kris Rides, CEO of cybersecurity staffing company Tiro Security.

There were cybersecurity layoffs, Rides said, but in much smaller numbers than in industries such as travel and entertainment, which have taken the brunt of the pandemic’s economic impact. Cybersecurity “is one area where companies couldn’t really afford to lay off people,” Rides said, during a virtual presentation as part of the (ISC)2 2020 Security Congress taking place this week.

Kris Rides, Tiro Security

Kris Rides, CEO of Tiro Security

The pandemic’s impact on cybersecurity jobs appears to have been temporary, according to Rides.

“There were less jobs available, but that was only for a short period of time. If anything, it was kind of a reset. Now we’ve got as many jobs as we had before.”

Considering the security job skills gap, this isn’t surprising. Before the pandemic there was an estimated job skills gap of about 4 million worldwide, according to the (ISC)2 2019 Cybersecurity Workforce Study. Last week, (ISC)2 released its 2020 Cybersecurity Workforce Study , which reveals that the gap narrowed to 3.12 million professionals needed, partly as a result of market contraction.

After the Pandemic

Rides predicted that companies will continue trying to recruit qualified cybersecurity professionals once the pandemic is over, which means there will be no real change in that regard. However, there will be questions about whether to keep work-from-home (WFH) environments at pandemic levels.

While 30% of cybersecurity workers prefer to remain in remote environments, 59% like hybrid office/home models, he said. But it appears that many organizations will push for a continuation of higher WFH numbers. Rides said he has heard from clients who are planning to reduce their office space in favor of keeping employees at home.

“This is going to get messy to figure out,” he said. “This is going to be the most important thing that is going to come up in the next 12 months around retaining your staff.”

Cybersecurity worker retention will require a balance of location, compensation/benefits and job satisfaction, he said. Having good benefits such as health coverage, bonuses and attractive PTO (paid time off) policies certainly help. And of course so do treating people fairly and having direct relationships with staff so you know what both motivates and frustrates them.

Attracting Job Candidates

Drawing qualified candidates to cybersecurity positions requires a well-thought-out hiring process. Too many companies have broken hiring processes, which take too long and don’t properly screen candidates. Often, companies don’t even realize they have a problem, Rides said.

One common issue is job descriptions that aren’t written by the hiring managers but rather culled from generic posts online or written by HR personnel without a clear understanding of cybersecurity roles. “This is the hiring manager’s job,” he said. Poorly written or unrealistic job descriptions can be a deterrent to attracting qualified candidates.

When it comes to compensation, research also has shown that cybersecurity professionals aren’t primarily motivated by salary but competitive pay certainly helps. Rides said he expects salaries to flatten but urged hiring managers to keep market values in mind when making offers. “You’re starting the employer/employee relationship off on the right foot when you offer the right amount of money.”

For successful recruiting, Rides shared several recommendations, including offering current employees bonuses for references, using LinkedIn to connect with jobseekers, attending and speaking at industry events, and participating in industry groups for networking purposes.