The State of Cyber Security Recruiting: 2022 Report

In early 2021, we shared the state of recruitment for cybersecurity product talent and it's interesting to look back on that time versus where we are today. 

Despite the publicized changes to the economy, for the tech sector, not much has changed when recruiting cybersecurity talent. Whether product, sales, or solution delivery talent, the current cybersecurity recruitment market is:

  • Still a candidate’s market
  • Struggling to attract and hire top talent - both software vendors and service providers 
  • Expensive for those looking to hire candidates with specific cybersecurity experience 

Earlier this year, McKinsey released an article highlighting three cybersecurity trends and the implications of those trends for enterprises. The third trend they cited is one which echos among business leaders we've been speaking with:

"Many organizations lack sufficient cybersecurity talent, knowledge, and expertise—and the shortfall is growing. " - McKinsey & Company

While the tech companies we partner with are not massive enterprises, like banks or public sector agencies, these small to mid-size startups also lack sufficient cyber-focused talent, and the shortfall is only growing.

How then should a security tech company, whether a software vendor or a service provider, tackle the challenges associated with recruiting the talent they need?

Three Cybersecurity Hiring Recommendations for 2022:

1. Impact supply if you are able too

If you are a tech vendor and you have the ability to impact the supply of candidates who are trained and certified in your product, do what you can to contribute to the supply of talent.

Our example, Sailpoint - their customers are among the world’s largest companies, including: 

  • 8 of the top 15 banks
  • 4 of the top 6 healthcare insurance and managed care providers
  • 9 of the top 15 property and casualty insurance providers
  • 5 of the top 13 pharmaceutical companies
  • and 11 of the largest 15 federal agencies

Companies want people with Sailpoint certifications so as a tech vendor they can help make changes to enable more certifications and growth of Sailpoint.

2. Remove Location Roadblocks 

Allowing a candidate's location to trump skills will only delay further or possibly impede a hiring outcome. Based on our hiring data, your likelihood of an expeditious hiring outcome increases by 60% when you take a location agnostic approach.

This is especially true of cybersecurity tech companies, given that this is one of the most competitive tech categories to recruit. Our advice to anyone hiring cyber talent is to look at the talent pool as a global pool.

We recently completed a search for a North American cybersecurity company that engaged us to recruit a Principal Product Manager. Due to their location flexibility, we completed that search in 33 business days with a hire based in the UK. When location is agonistic, finding a hire within 30-40 business days is the average for our product practice.

3. Think Outside the Box

Typically in tech companies, leaders tend to assume that everyone they hire needs to be a tech person, specifically a tech person from the tech category they are in. 

However, other seasoned leaders will learn that hiring for the core skills necessary to complement and complete a team is a more impactful approach to hiring. This can be incredibly impactful for cybersecurity companies hiring product managers and sales or delivery talent. 

For example, most software vendor cybersecurity companies are engineering, and most managed services providers are sales-led. Because of this, many leaders we speak with have a desire to introduce product management best practices and take a customer experience PoV on their solutions - something that can only be introduced by hiring a strong Pfprroduct manager. 

Hiring for strong product skills vs cybersecurity-specific product management skills can be one approach to achieving a successful hiring outcome while also contributing to the greater good of the talent-starved industry and converting one more person into your category.  

Unlike other tech industries, hiring talent within the cybersecurity space shows no signs of slowing down or having an influx of available talent. Cybersecurity organizations need to continue to be savvy and using these three tips will help you find product, marketing and sales talent more efficiently. 


book a consultation