Demand for cyber security talent (and therefore cyber recruitment) has exploded in recent years. According to Burning Glass, the number of cyber security jobs has grown 94 per cent in just six years. Suffice to say, there have been many changes in this sector over the years. We sat down with some of ARM’s Cyber team to chat about this exciting and fast-paced industry.
What cyber used to look like
Eleven years ago, when cyber was just a buzzword, our Cyber team was a small part of the IT department. Three of the longest-serving members of the team told us what the industry used to look like.
“When I joined the business,” said Tom, “information security / cyber security was on the agenda for many of our clients, but in eighth or even ninth place. However, as the breaches became more mainstream and started to affect the general public, we saw the significance of information security skyrocket. More importantly, nowadays, everything is technology based; your internet history and conversations are being tracked and recorded.”
“When companies got breached six years ago,” David adds, “they did everything to keep it confidential. But now there’s a lot more awareness. Businesses must report to the relevant authority within 72 hours of becoming aware of the breach (ICO).”
Responding to cyber changes
As the market developed, ARM grew this small IT sub-sector into a separate niches which operate globally:
- Identity and Access Management (IAM) & public key infrastructure (PKI)
- Threat & Vulnerability Management
- Cyber Security & Technology Sales
- Security Analysis & Operations
- Incident Response and GRC ( Governance Risk & Compliance)
- Network & Perimeter Security.
Tom: “As well as building up candidate networks, our niche sectors ensure that we are aware of trends. Trends around geographical hotspots for talent, salaries and day rates alongside new technologies, certifications and practices.”
Candidate shortages – and building relationships
Today, however, the main difficulty is helping clients secure the right talent.
“There is a shortage of talent, so in most cases we have candidates with two to three opportunities on the go,” Tom laments. “Therefore, we are keen to create long-term relationships with both clients and candidates. This ensures there’s trust and understanding between the parties, which results in successful placements.”
The team estimates that around 70% of their work is based on getting to know candidates. Their strengths and interests, partnering them up with the right organisations and providing training where needed. In certain areas, candidates need to exhibit competence in a specific area, e.g. have relevant experience or knowledge of frameworks and legislation. In general, though, the team focuses on candidates’ attitudes, as opposed to experience, to maximise the potential for clients.
James has a perfect example: “One guy I worked with had no real world experience in penetration testing, but had a military background and an OSCP certification. These two attributes, combined with his enthusiastic, infectious personality and naturally consultative behaviour, helped him to secure a role in the cyber security industry over other more traditionally skilled candidates, due to the potential that he demonstrated.”
Invest in knowledgeable people
Of course, the biggest risk to everyone will always be the bad guys – those who invent new, potential threats again and again, so there’s no metaphorical finish line in solving the problem. That’s precisely why businesses must not rely solely on technology, but invest in knowledgeable staff, after all, it’s people who offer the next level of protection.
Meanwhile, the Cyber team continues to find talent, provide insights and help businesses future-proof themselves against whatever might be lurking around the corner.
“We’re always open to hiring new talent, but I look for people who are really passionate about their sector,” Tom concludes. “You have to want to learn, read articles and really listen to your clients and candidates. Recruitment can be relatively simple once you understand your marketplace, but that takes time and you are always developing that knowledge. Technology never stands still.”