It is a seller’s market right now when it comes to IT employment. Especially in the security and risk field. Consider this, information security has had 0% unemployment for the last three years running and ISACA projects a shortage of 2 million security practitioners next year. Cybersecurity Ventures believes that number will reach 3.5 million by 2021. That’s a lot of unfilled jobs! Not to mention, burnout for security professionals working in an enterprise environment is common to say the least. So, how can organizations attract and retain qualified professionals?
Having spent the last 6 years of my career in IT recruiting, I’ve seen my fair share of approaches.
Ping pong tables, video games, and kegs on premises for the fun and casual work environment.
Flexible schedules, discretionary paid time off, and remote work capabilities to help strike a strong work-life balance.
Clear growth paths and consistent advancement with continuing education. Etc.
These are all well and good, but in my experience, the companies who are offering high salaries and stable employment win out more often than not. Another route many companies take is to train less experienced IT employees into the security field, but this too comes with its own unique set of obstacles…
First, you need to already have at least some security and risk expertise within your organization, as well as the time and the resources available for them to train someone. This is a tall order in an industry that has 1 job vacancy for every 2 employees.
Second, this doesn’t directly address the challenge of balancing employee salaries and company budgets. Sure, you could pay a lower starting salary as one develops his or her skills, but what is to stop them from leaving for greener pastures once they are up to speed?
Unfortunately for employers, this means that the cost of full time employment is steadily rising, as is the prevalence of contracted and project-based hiring. Because of this, finding a balance between offering potential employees the salaries they want, while staying within the company’s budget is becoming more and more difficult.
Enter Dark Rhino Security. As a managed provider, we are separate from your organization, its people, and its politics. We leverage the best industry standards and practices to objectively assess, investigate, and manage your information’s security and risk. With a managed provider, you no longer have to concern yourself with where to find the right people or how to keep them in your organization. We have an expert team of highly dedicated security specialists, supported by strategic and emerging technology partners, who are laser focused on information security for our customers. Combine that with our focus on culture and personal growth, and you’ve found yourself a stable, go-to partner for risk and security.