Cybersecurity professionals are wanted in the D.C. metropolitan area. A recent report from Burning Glass found that in 2013, the DC metropolitan area had 23,000 cybersecurity job postings, which easily puts the area in first place. New York came in second place with 15,000. Even when the study shifted to a state-by-state analysis, Virginia came in second and Maryland came in sixth.
Much of the federal government’s cybersecurity has been strategically centralized in the D.C. area – most notably with the overhaul of Fort Meade. At $93,028, the average cybersecurity salary pays $15,000 more than an IT salary. A surplus of open positions and a salary that is quasi-sufficient to support the D.C. area cost of living should make D.C. the first place that cybersecurity professionals look to relocate. Unfortunately, it’s not that simple.
D.C. AREA CYBERSECURITY RECRUITING CHALLENGES
The cybersecurity requirements for the federal government and contracting industry can be a bit unique. Over half of the positions require certifications, like a CISSP. Outside the federal government world, many companies consider a CISSP to be an extra but not a necessity. The CISSP requires four years of full-time security work, which puts a damper on hiring entry-level professionals.
Of course, it’s not enough to find a candidate with the right cybersecurity credentials and certifications. Many positions require a security clearance, which narrows the pool of candidates even more. While this should increase the value of the few remaining cybersecurity professionals that are left swimming in the pool, the reality is that with recent budget cuts and sequestration, it is challenging for contractors to pay top dollar for a candidate that has the skills, certifications, and clearance.
CYBERSECURITY RECRUITING STRATEGIES
In the short term, consider adjusting typical practices to gratify employees. If you can’t pay them better than your competition, you have to treat them better than your competition. Perks like alternative work schedules, offsite locations, bonuses, or extra paid leave could make candidates take a closer look. It can’t hurt to ask candidates what perks are important to them and work with management to achieve reasonable requests.
In the long term, build up your bench where possible. Hiring entry-level cybersecurity professionals and providing the opportunity for them to gain the certifications and experience could turn out well for future contracts. Creating a cybersecurity team before contracts come in is a gamble that could payoff if the job environment and pay is good enough to keep employees from jumping ship once the necessary certifications are achieved.
Cybersecurity jobs can take 36 percent longer to fill than all other job postings. It may be a while before the supply catches up to the demand – especially in the D.C. area. Burning Glass reported, “In the US, employers posted 50,000 jobs requesting CISSP, recruiting from a pool of only 60,000 CISSP holders.” So, if you don’t have a cybersecurity recruiting problem, then you probably have a cybersecurity retention problem.
CLEARED NETWORK TIP: REELING IN PASSIVE JOB SEEKERS
One thing is clear – cybersecurity professionals don’t stay on the market long, and almost all of your hires will need to come from the coveted passive talent pool. How to do it? Build your talent pipeline with cleared professionals, and stay in touch. One of the best ways to do this is through Cleared Network groups. Because they’re limited to candidates who have the skills listed (whether it’s Cisco, cloud computing, or cybersecurity), you have a targeted pool as you look to build your network. Check in regularly and offer tips ranging from open listings to interesting articles. Make sure your name is one that comes to mind when they’re looking for a new position or ready to transition from the military. It takes work, but Cleared Network groups make it easier.
Other Recruiting Headlines:
FSU’s Cybersecurity Program Recruiting Veterans
Delaware Seeks to Stem the Shortage of Cybersecurity Workers
