How to attract and retain top cybersecurity talent

As cybercriminal tactics become more sophisticated, the need for high-impact strategies to reduce the threat to your organization is vital. With 39% of businesses experiencing an attack within a year, hiring professionals who can mitigate risk from the inside has never been more urgent.

Cybersecurity experts are in greater demand than ever. In the UK alone, it is estimated that there are currently between 100,000 and 150,000 cybersecurity vacancies. And despite government efforts, a national cybersecurity skills survey found that half (51%) of all private sector businesses in the UK identified a shortage of basic technical cybersecurity skills.

For a role that barely existed a decade or two ago, skilled cybersecurity professionals are now in a position where they can make the decisions. So how do you attract the best?

If, as an employer, you offer good salary packages, working conditions and attractive career progression opportunities, what more can you do to attract these professionals and protect your business from a growing threat? Here are three suggestions:

1. Target early

Global student news site Stunited recently ranked cybersecurity among the six most in-demand jobs in the UK. Consider recruiting practices that attract early-career candidates. Explore in-person and virtual events to connect with students and invest in online and offline marketing strategies to target them at a stage when they are still considering the plethora of options for their future.

2. Diversify your target audience

In the UK, 85% of cybersecurity practitioners are white and 64% are male. It is therefore important to expand the network to attract a pool of candidates from underrepresented groups. There are many benefits to having a diverse workforce. A 2017 Boston Consulting Group (BCG) study identified diversity as a key driver of innovation, finding that diverse teams generate 19% more revenue. Diversity also leads to differences in ways of thinking and experiencing and has also been attributed to increases in productivity and reduced turnover.

3. Review your recruiting processes

Before introducing policies to increase diversity, you need to know who is currently applying. Gather candidate data to determine if you need to take proactive steps to attract specific groups – you can’t make sound business decisions without data.

Analyze job descriptions to eliminate biases so you don’t deter anyone. Revise the language – are you subconsciously writing job ads and application forms with a white male in mind?

Consider a post-application survey to determine what attracts recruits and what might cause them to drop out. You’ll be surprised how many people are willing to share their feedback, because a negative application process can deter a candidate for good, and you could ignore top talent out of ignorance. We have an applicant tracking system in place to understand where our applicants come from, see how diverse the applicant pool is (or not), and improve the applicant experience by being able to track the progression and end of their process.


Once you have these cyber pros on board, you need to keep them. In an increasingly competitive environment, you want to make sure they engage and won’t be tempted by other companies seemingly offering something better. But how will you know? These two approaches can help:

1. Introduce regular comments

The introduction of continuous feedback is essential. First, taking the time to listen demonstrates recognition of psychological safety and helps them feel empowered. Holding regular sessions provides a chance to share any concerns early so they can be addressed before they escalate. If you only have a standard annual performance review, you risk losing that team member before they’ve had a chance to air their grievances.

2. Ensure an open culture

Ensure feedback processes foster a culture of openness and authenticity. If the employee feels uncomfortable, the whole exercise is useless. Maybe it’s about setting up an informal cafe outside the office, rather than a daunting formal meeting. Offer an objective ear – perhaps the team member doesn’t want to share their concerns with their line manager, but will be more open and honest with someone they don’t work with directly.

The daily work environment should also promote a culture of openness and sharing of ideas. The best cyber professionals tend to be curious and eager to learn, so giving them the chance to evaluate or work on new projects to “nurture” that natural curiosity will help them feel valued and fulfilled.

The trip

In our company, we are on a continuous and evolving journey in terms of diversity and inclusion, but we are already seeing an impact when it comes to fulfilling cyber roles.

Since we introduced HR policies, including refining job descriptions and broadening our search for candidates, we have seen an increase in the number of applications from underrepresented groups and we are seeing an improvement in the effectiveness of recruitment thanks to the refinement of our procedures.

We see diversity and inclusion as a learning journey, but we’re on the right track. In the battle for the best cyber professionals, companies that show openness and objectivity, as well as proactive steps to reach and appeal to a diverse pool, are the ones that will be rewarded.

Leave a Reply