HiddenText Ltd

Dear Infosec Hiring Managers

Dear Infosec Hiring Managers – Think of the candidates!

/

, , ,

We hear of skills gaps in the UK, we have un-filled jobs and yet, there are thousands of people looking for jobs.

So, why is recruitment so hard in Information Security? Why is Cyber so hard to hire for? Why are candidates not applying for jobs? And, why are we still in this mess after years?

Dear Hiring Managers,

Can I share some thoughts from the candidates perspective why we don’t want to apply for your roles?

I would like you to look at your careers page, where you advertise your current roles. I want you to bear in mind these 3 people:

  1. a Student, maybe at college, maybe in the middle of a University course. Someone bored because their educator is not giving them the value they need in the course and they are instead, doing their own studies at home, bug bounties, free qualifications and volunteering at conferences.
  2. a Student who has finished University. They passed the exams pretty well but have no industry experience. They have expectations of a high salary because they have been told a degree in a cyber-related topic is a sure-fire way to make the grade. They have a little experience but have mainly focussed on their education.
  3. a 40-something who has spent 20-odd years in industry working in a variety of roles and have always for some reason just hit that ceiling and not progressed on, instead they moved role to somewhere else and took on a new challenge and broadened their horizons.

 

Now think about their perspective of your website and think about these statements:

  1. The job title does not describe the role. I will not apply for your role as that job title is not what I am looking for. I am aware of these roles and these job titles but I do not know what your role is and I am not searching for that role title.
  2. I don’t know your internal business units and codes, I don’t know what it means when you say DR will be reporting into GH. I will not apply for your role as I do not understand your business and feel intimidated by your language.
  3. I read the small paragraph about the job description and the page about your company and I am none-the-wiser about what I will be doing for a day job. I will not apply for your role as I do not understand what my average day will look like nor what you do as a business.
  4. The job advert says X as a location, but your “about the company” section champions the offices all over the country. I will not apply for your role as I am not geographically local to where the role says it should be, I cannot afford a property in those areas despite you stating you have an office just down the road from my current location.
  5. Your job advert says Pay Grade 11, HEO, Inspector equivalent or G6. I am coming into your sector from externally and do not know what these levels are and it is hard to find accurate information about these grades. I will not apply for your role as I do not know what the salary will be.
  6. Under pre-requisites for the role, you state you need (insert qualification here). I do not have that certificate but I do have others similar OR can demonstrate that I could probably pass that certificate if I could afford to take the exam. I will not apply for your role as the certificate you are stating a pre-requisite certificate I do not have and is not financially attainable for me.
  7. This technical role lists soft skills and no technologies. I will not apply for this role as I do not know if I will have an understanding of the technologies required to do this role.
  8. There is no way to contact you with regards to this role as I have to apply through an online portal not connected to your website and you have no email address. I will not apply for your role as I cannot get my queries answered.

 

Your candidates are being turned off by your job adverts! You have an amazing talent pool out there that are looking for roles right now. Think back to those initial 3 people;

  • Number 3 is a ‘dead cert‘ for your roles, experienced, loads of life skills, plenty of breadth of knowledge, but they will fail to apply as you state you need these certifications. Also due to age, they may not be willing to re-locate but they have done their research and know of a local office. You have missed an ideal candidate here, you never even got to see their CV as they didn’t even apply.

 

  • Number 2 is a ‘punt.’ They’ve got the theory from education but need to put it into on the job experience. They would be a great junior hire for you to craft through a long-term commitment into a senior person within your organisation. However, they are not going to apply as you never told them the wage and they have no certificates. They are also fearful due to the jargon and that is undermining their confidence as they feel like they don’t know anything. You didn’t get to see their CV as they didn’t know what your job was.

 

  • Number 1 is a “future superstar.” They have self-drive, self-motivation, lateral thinking, creative thought process and a willingness to learn. However, you made your advert appeal to ‘not them’ with the wrong language. You gave them pension benefits when they want to save up so they can move out of mum and dad’s house. They don’t have your certificate requirement despite them having sat almost every equivalent test they can. You are blocking them because they can’t afford £1k for the exam. You didn’t even see their CV despite them probably being better than some of your existing staff and a great asset to the department.

 

So take heed of the above and think about:

  • A job title that reflects the role. Be real. Also, be consistent with the rest of the industry. If someone is a Senior Consultant in their current role, will they be applying for your role with that job title you workshopped to make it sound cool?
  • A brief description of the company they will be working for:
    • what it does,
    • where the offices are,
    • where the business unit they will be working in is stationed,
    • who they will be reporting to.
  • A “day in the life of” for this role, include key tasks and technologies the candidate will be using. Let the candidate understand if that day is what they want. You’d rather hire someone happy with that surely?
  • A list of responsibilities to bullet point the tasks into easy-to-read and understandable phrases. Lose the jargon, tell them what they will be doing so there will be no surprises on the job.
  • Key technologies should help the candidate understand if they can do the job and maybe grade it into essential, required, nice-to-haves.
  • Qualifications as a guideline, not a tick-box. A candidate may show more experience that a certificate – they may not have taken that certificate because their previous employer didn’t want them to, not because of the candidate. Some people just don’t like exams!
  • Some benefits are worth it to the candidate and some not. Try not to state the awesomeness of a benefit (state-of-the-art-gym while the candidate has health issues, doughnut Tuesdays while the candidate has diabetes etc.) when the person may not want those benefits. Benefits look good but they are not the attraction to the candidate, they are nice add-ons.
  • Be honest with salary expectations. £35-£55k depending on experience is better than saying G6.
  • Try spending some time working in the departments you have roles for so you can get a feel for the roles, the teams, the environments and then you can help articulate that through the adverts.
  • Speak to the people that will be their bosses and find out what the ideal candidate looks like and what the threshold is. You can then create a job advert that can cover those ideals which will also make the management happier as they will now be interviewing relevant candidates. They can see the future superstars, the ones they will be taking a punt on and those that should have applied but never have before.
  • Have a clear structure in the adverts as to how the interview process will be handled, how many rounds and what is involved at each stage but more importantly when the closing date for the role is. That way the candidate knows what to expect, from whom and when.
  • Have a direct contact email address on the advert so that if a candidate has questions, they can reach out to you and you should have someone empathetic in their responses.

Not everything is obvious from the outside world.

If you are not sure about this brave new world I have proposed, try applying for your jobs. Seriously, try getting the managers to apply for roles and see what the experience is like – I wonder how many would get through the process to even first interview? Maybe try a sample role listed somewhere new and see the difference in applications?

I hope this helps.

Kind Regards

 

Stuart Coulson
(Looking for a role)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.