
Overcoming Cybersecurity Recruiting Challenges

Recruiting the best cybersecurity talent is an especially difficult task. Good people are very hard to find in a tight labor market where demand effortlessly outstrips supply. 

Companies urgently need talented people to fight the rising tide of cyberattacks, which cost billions in damages every year. Being unable to fill vital jobs is becoming perhaps the greatest cybersecurity risk of all, dwarfing the threats posed by ransomware and other attacks.

Recruiting Challenges

The challenges are many, but here are the toughest ones: 

Finding the right people for the right jobs — within time and money constraints. 

Some companies make the mistake of asking too much from candidates — in the hope that one of them will match their needs. For example, when seeking an entry-level person, they ask for years of work experience and specific security qualifications. On the other side of the table, candidates may overstate their capabilities.

Falling into the trap of only selecting candidates with deep resumes.

This is so easy to do, given the slew of responses to certain advertised positions. Faced with possibly hundreds of resumes to sift through, hiring managers tend to cherry-pick the applicants with the best academic and work qualifications — which may result in overlooking those who have superior hands-on skills.

Ignoring talented people who perform poorly in interviews.

For many companies, the first face-to-face interview is the acid test for assessing a candidate’s suitability for a position. Not surprisingly, some very talented people get rejected at this stage because they perform poorly due to nervousness, shyness or even neurodiversity. Indeed, a lot of high-tech people are introverted and may not excel in interviews.

Writing job descriptions that precisely define roles and positions.

Imprecision costs time and money, for companies and candidates. Companies need to be precise in terms of the skills they need for a specific role rather than vaguely listing capabilities that may or may not be useful. Each job description should accurately reflect what the job entails today — not what it entailed in the past.

There is a Better Way of Recruiting

As the demand for cybersecurity talent explodes and the supply dwindles, recruiters are realizing that the old ways of filling technical roles are limited, slow, and sometimes expensive. What is needed is a new way of recruiting — one that is precise, inexpensive, and, best of all, highly effective. 

The core idea is that recruiters should use a virtual testing environment that enables them to validate and assess candidates’ cybersecurity skills as they perform hands-on exercises. For each position, this approach should allow a recruiter to create a specific evaluation module, choose challenges and assessments that match the job’s skills, and view key performance metrics and completion time. In this way, candidates’ performances can be quickly measured.

Ideally, this new recruiting solution should enable recruiters to assess a variety of skills and functions mapped to frameworks such as NIST/NICE and MITRE ATT&CK. In addition, NICE job descriptions should be incorporated into the solution — solving the challenge of writing precise job descriptions for most positions. 

Challenges and assessments should include a wide range of threats, enterprise security products used by the hiring company, and emulated IT infrastructure that mirrors real-world environments.

For maximum efficiency, this approach should cover common topics and functions, including log analysis, addressing CVEs, IoT security, common TTPs, and the ever-changing threat landscape.

The benefits of the virtual testing approach to recruiting are clear. Recruiters can quickly and cost-effectively find the best people for the right roles, uncover high-potential talent and expand their pool of qualified candidates.


The challenges of recruiting the best cybersecurity personnel have never been tougher. With the labor market for cybersecurity pros being extremely tight, the old ways of recruiting are rife with weaknesses and biases, while the urgency to recruit people is intense, given the relentless and costly waves of cyberattacks. 

Companies need a better way of recruiting — one that relies on a virtual testing approach that enables recruiters to validate and assess candidates’ cybersecurity skills via hands-on exercises.

Written By

Jeff Orloff is Vice President of Products and Technical Services at RangeForce, a cybersecurity training company. He has over ten years of experience in cybersecurity, computer and network security and system administration. Prior to RangeForce, he was Director of Product Management and UX at COFENSE, a company specializing in email security, phishing detection and response. He also served as Technology Coordinator for the Palm Beach County Florida School District.
