One aspect that is within a company’s control, but is often unremarked, is unrealistic hiring practices. While this can be a problem across all sectors – after all, every business wants to be sure they get highly experienced people on board – there seems to be a particular issue around cybersecurity hiring.

It’s not uncommon for companies to require three to five years of experience for an ‘entry-level’ cybersecurity position. Is this because budgets are misaligned with needs? Are internal training programmes insufficient or non-existent? Do companies not appreciate that applicable experience can come through many different avenues and take many different forms? Are hiring managers stuck in the past when rigorous cybersecurity programmes weren’t part of the university curriculum? Or is it the belief that the high-stakes nature of cybersecurity means you need battle-hardened veterans, rather than new recruits, on the front line of cyber defence?  Whatever the reason, these positions often go unfilled or result in high turnover. 

Here are five things employers can do to expand their workforce and lay a solid foundation for the future growth of their security teams.

Read more >