There is perhaps no greater luxury in life as getting a massage once in awhile. I’ve personally always loved massages – I know, who doesn’t – but it’s a love that’s only grown as I’ve grown older, travel more and perpetually carry an ever increasing amount of stress in my neck and shoulders.
While I used to see these spa sojourns as simply a short term way to relax and let go, I now see them as not just an opportunity for feeling better over the short term, but instead as an ideal opportunity to take stock of how well my body is working over the long term, too.
When you’re young, it’s easy to look at your body as a series of standalone parts; it’s only as you age, and these parts stop working together quite as easily as before (or even work at all), you begin to appreciate the fact that our bodies, in fact, are an interconnected, interdependent system, where every function must function together if one has any hope of remaining functional. And some days, it seems, my body functions a little better than others.
Now, when I go for a massage, I realize that those literal pains in the neck I’m experiencing are in fact something like physiological canaries in the coal mine, a clear sign that there are at least several parts of my body that are overtaxed, abused or just plain broken, those minor pains a harbinger of potentially major problems.
Anyone who’s ever met me knows that if there’s one thing I value, it’s my health, which is why I’m always so cognizant of what I eat and remain so committed to my fitness regimen and workout routine. I know that a sound body is key to having a sound mind and spirit, that you can only get your head right if you have eat and exercise right, too.
I know that this sounds like a decidedly roundabout approach that’s a whole lot more work than the approach most people I know seem to utilize; easier to pop a prescription drug, suffer through the pain in silence or wait until some preventable problem becomes so acute that it becomes impossible to ignore and inordinately expensive or complicated to fix.
This is because many of us look at our health as something to be reactively fixed instead of proactively prevented – much to our own detriment, mostly.
The Recruiting Cure: Don’t Solve the Symptoms. Diagnose the Disease.
It’s really quite simple: your employer, like your body, represents an integrated system where thousands of complex parts must work together and perform perfectly in perpetuity. When one part stops functioning properly, when just one part is causing the entire system to feel pain, see this as a warning sign indicative of your larger organizational health and well being, an indication that correction is, in fact, necessary.
When diagnosing the problem or discovering what’s needed to fix that problem in order to ensure a clean bill of health throughout your organization, it’s easy to look at making a correction only at the most obvious pain point.
More often than not, though, the problem doesn’t just lie entirely within a standalone part, but instead, throughout your organization’s integrated system.
And while you can massage away the most obvious culprits, it won’t actually fix the system wide problem. Solving for the symptoms without diagnosing the disease can be fatal for any organization. The problem is, there’s rarely such a thing as a quick fix. As much as we’d like to convince ourselves otherwise, staying healthy as an employer takes a ton of work and preventative, proactive prescriptions are pretty much the only cure that’s not all smoke and mirrors and snake oil, really.
There has been an entire genre of recruiting related content written about the impending “tech talent shortage,” and I don’t intend to add to a canon of work that’s already fairly comprehensive. But here’s the thing: as frustrated as recruiters seem to be with this purported skills gap or the rate at which STEM demand among employers has come to exceed market supply, every time I talk with any top tech professional, they express an equal frustration with their own job search and career development process.
While it’s easy to make sweeping claims and statistical stereotypes by looking at the aggregate, these problems are, at an individual level, easily fixable. The problem instead, I have come to believe, is that there is not actually a shortage of tech talent out there, but rather, an increasingly unhealthy ecosystem within companies, the recruiters who represent them and the candidates they’re looking for. And nowhere do I see this disconnect more clearly than in the case of cybersecurity recruiting.
Can Cybersecurity Recruiting Be Hacked?
With well publicized security breaches against both the public and private sectors perpetually in the headlines, the spotlight of public consciousness has come into sharp focus on just how vital the cybersecurity sector truly is, but recruiting and retaining top talent within this industry remains a daunting challenge.
The system is so sick in cybersecurity, in fact, a myriad of “solutions” are being developed to try to not only treat the immediate talent shortage, but also, to find a long term cure.
The cybersecurity space has recently seen everything from the launch of government programs designed to create a sort of national lexicon and standardized career terminology, including recruiting related etymology.
Additional programs have included large grants in order to get the education systems properly equipped and up to speed on training the cybersecurity professionals of tomorrow and creating more professional certification programs for those already in the industry today than you could shake a stick at.
Worst of all, cybersecurity employers themselves seem to be forsaking their search for a sweeping, systemic solution for cultivating and building a successful hiring process and candidate pipeline. Instead, they seem to be taking the slash and burn approach of cleaning out their internal talent acquisition subject matter experts entirely, either cutting off their limbs by outsourcing the function from center of excellence to out of house or else churning through contract recruiters who are given a few months to sink or swim. I’ll give you one guess as to which way that one goes.
As we all know by now, most companies – cybersecurity employers included – regard recruiting more as a necessary evil than a strategic partner, a cost center eating up overhead or a back office department charged with nothing more than tactically sticking butts into seats.
The only problem with this approach in this particular sector, however, is that the butts that these recruiters are putting into seats are the very same innovators, security engineers and cybersecurity experts that these companies need to protect their data, brand integrity and bottom line. One should look no further than Sony for a case study of how every company’s success can be compromised without a strong cybersecurity staff standing sentinel.
Black Hat: Recruiting, MeetReality.
The disconnect between recruiting and reality in cybersecurity today was never more apparent than at the recent 18th Black Hat Conference in Las Vegas. Black Hat, put simply, is the big daddy of all cyber security conferences; it’s kind of like SHRM or HR Tech, with several thousand attendees converging for a couple days of cutting edge training and the chance to work (and network) in the busiest expo hall in the industry.
As I was walking through the hundreds of booths lining the expo floor this year, I noticed quite a few who had hung out “now hiring” signs sticking out from the flashy signage and frenetic video displays.
Interested, I approached these companies about these signs, asking each of them exactly how many recruiters they had brought to the conference.
Their answer, unilaterally was “one,” since no one needs more than that, if they brought any at all. Some hadn’t even considered spending money for any hiring specialists to help with that whole “now hiring” thing – as they informed me in a derisive, patronizing tone.
Well, then, geniuses. Let’s see here. You have a sign announcing you’re hiring, along with job postings, recruitment marketing materials and employer branding collateral for several very specific, very hard to fill specialist cyber security roles you need technical staff for.
You know that at any given time at this particular event, there are literally thousands of qualified candidates passing within a 10 foot radius of your booth, but there is, at best, only one staff out of the dozens you’ve got crammed in there that actually knows anything about recruiting (and everyone else thinks the recruiter isn’t worth a damn to begin with).
Makes total sense, right? That’s what the one recruiter I met at an enormous, elaborate and inordinately expensive booth for an exhibitor who had brought 45 staff simply to man the gargantuan display thought, particularly after being told that she was only begrudgingly allowed to attend Black Hat if she paid her own way there out of pocket.
Recruiters Who Get It: The Real Tech Talent Shortage.
I’ve attended Black Hat for years now, and for the last several events at least, the issue of the talent shortage seems to be a fairly unifying rallying cry and call to arms, with attendees proposing solutions calling for everything from repealing immigration laws and restrictions such as H1B visa caps to the creation of a national CyberCorps professional training organization, kind of like a Peace Corps or City Corps, only for hackers.
One of the most widely respected news outlets, something of a journal of record within the cybersecurity space, even decided to create a sponsored “Career Zone” this year, doing so without knowing what the hell the purpose of a career fair is in the first place, much less how to go about pulling one off.
Now, granted, I appreciate the steps that this particular publication went through to bring together a group of concerned executives to provide their Career Zone with some context.
This content consisted primarily of these leaders bitching about the talent shortage, but while they had a litany of complaints, it’s clear they had no real idea what was really going on in their own talent acquisition or staffing departments, nor had they done any actual research. The sky is falling, and that’s all you need to know, it sadly seems.
While making my way through the Career Zone, I happened to strike up a conversation with a security engineer who, while not a recruiter, wasn’t shy about sharing the fact that he was kicking the tires after an incident that had just happened at the conference.
Turns out, his entire senior management team had joined him on the trip to Black Hat, and when he had bumped into them on the conference floor, he was “dressed down” for dressing casually, like every other engineering pro in the room. He explained at length, that if he was going to have any hope of actually talking shop with other techies, he couldn’t show up in a suit. Management didn’t seem to think that outweighed the violation of company protocol and projecting an image that was “off brand,” and he was still waiting to see if the incident would lead to an official reprimand. As you can imagine, he was kind of a wreck.
But he sure seemed to be making friends with a lot of recruiters who didn’t seem to have a problem with his jeans and hoodie, as far as I could tell.
Recruiting and Cybersecurity: Solving The System Error.
The volunteer organizers at a companion cybersecurity conference, BSidesLV, recently stepped forward to publicly present their own solution to solving the tech talent shortage. Their line of thinking, more or less, is “Let’s educate and do a better job training tech talent on the job search process and what recruiters really do.”
Makes sense, right? Now, I applaud these volunteers for pulling together a full day career track at this year’s BSides event, an agenda that included sessions on everything from how to hang up your own consulting shingle to interviewing and resume best practices, that sort of thing.
It was outstanding career programming, which is why I was so aghast when I found out that only 20 companies had committed to attending this event – for free – and of those, only nine (9!) showed up.
Nine recruiters for a free event full of the impossible to find candidates costing them hundreds of thousands a year in recruiting related expenses, dedicated to careers, held in conjunction with one of the world’s premiere security conferences. They must have a weird way of measuring ROI. Now, of the 9 that even bothered showing up, an even smaller handful (3, to be exact), used what I’d refer to as “good recruiting tactics.” Or as I like to say, only 3 of the employers in attendance were “recruiters who get it.”
One of the ones who didn’t have a clue, a well known tech industry giant and one of the world’s biggest (and most profitable) brands, decided to eschew bringing recruiters altogether, instead choosing to bring a “booth babe” who stayed glued to her phone all day long, ignoring every single participant while staring blankly at her screen. I’ll let you guess what they were staring at. Ugh.
Another company who no showed was supposed to present on career paths prior to bagging out at the last minute. Kudos to Matt Duren, lead technical recruiter at Tenable Security Network, for joining me onstage and filling the gap with tips and tricks we thought every tech job seeker needs to know about working with a recruiter.
One of the recurring themes – and biggest takeaways – was that in cybersecurity recruiting, the system remains broken, and finding a job remains as much of a pain in the neck as ever for these purportedly in demand candidates who can’t seem to have so much as a healthy interaction with anyone responsible for hiring or recruiting for opportunities in the organizations actually looking for candidates just like them.
They were looking in all the wrong places, and too busy cold calling to actually return the call of a warm lead. Bad call. But I personally think the system is possible, and the best prescription for the pain in the neck that is recruiting needs to get back to having a healthy relationship – and positive interactions – with the rest of the organization. Sounds crazy, I know.
Is this even possible, you ask? Yes. Does it work? Hell, yes.
What Recruiters Who Get It Get Right.
Before hitting Black Hat and BSidesLV, I had recently moderated a panel of information security recruiters who “get it” at a local cyber security conference here in DC. There, as in Vegas, the need for more tech talent and, consequently, more funding around security in the school systems, seemed to be recurring themes throughout the discussion.
My solution to this is simple: don’t worry about fixing the educational system. Fix the communication and organizational issues that are hindering security recruiting and retention efforts, first. Besides, that approach seems far easier and imminently more implementable.
If we’re going to fix this problem, we need to start now, not wait on the glacial pace of education reform to somehow run its course. We’ll be waiting forever if we don’t do something.
Leslie Taylor, Senior Pipeline Guru at ICF International, shared her best solution: actually let recruiters participate in the business proposal process firsthand. When her company goes after new business, they actually let recruiters sit at the table while the deal gets done, and can get the chance to talk to managers and leaders first hand about the kinds of talent they’re going to be expected to find, recruit, and hire.
By leveraging this approach, her firm has enough information upfront so that they do not bid on any programs they can’t fulfill nor place at a rate where it’s even worth the time to take business. No one knows if a recruiting deal makes sense – or is even possible – better than a recruiter. And perhaps no recruiter knows the cyber security space better than Leslie, who also is active in building professional partnerships by personally connecting with community institutions like veteran organizations or academic institutions.
While these alliances don’t provide an immediate hiring payoff most of the time, Leslie knows well enough to know that playing the long game always pays off, and these partnerships help connect her with, and shape, the kinds of emerging professionals who, after 1-3 years of proactive nurturing, should blossom into a robust talent pipeline for future hiring needs.
Perhaps most importantly of all, Leslie works on building relationships within her company so that every manager, leader or team that relies on recruiting across all departments (well, almost all of them) knows not only who she is, but also how she works and what information needs to be shared to build a successful, smooth talent engagement and acquisition process.
Lifestyle Changes: How To Get A Clean Bill of Hiring Health
Joining us on the panel was Kirsten Renner, who works in Parsons’ talent management group, and she shared some of her own best practices for building and maintaining strong relationships within the security community. After the presentation, she was headed not only to Black Hat, but also to DEFCON – the 13th time she’d make that trip. Kirsten is so involved in the community that she was instrumental in building some staples of DEFCON programming, such as the Car Hacking Village, which is just as cool as it sounds.
It’s taken Kirsten years to build her reputation within the community, and just as long to get internal buy in by explaining to her management just why, exactly, it was so important for her to attend these conferences and participate not as a recruiter, but rather, as just another techie in the trenches. A colleague.
Kirsten scales these relationships through her influence on social media, specifically Twitter, where she has built a tremendous track record for engaging with passive tech talent and converting them into interested candidates.
Thanks to social, Kirsten now has a clear business case to present, with a digital trail leading directly from her presence at these events into actual recruiting results – and new hires. Which is really the whole point.
What I love about all these recruiters, why I say they “get it,” is that talent leaders like Matt, Leslie and Kirsten all understand the process of good recruiting, and have worked diligently not just to fill empty seats with back office butts, but to be seen as industry insiders and experts in their own right – and are seen as team members, not another necessary HR evil that’s largely underappreciated, if not completely ignored, within the organizations they’re hiring for. And it’s paid off.
All of these recruiters have known about the value of “candidate experience,” and lived those values, long before this term became en vogue. It wasn’t something they talked about in theory – they just knew what the right approach was in practice, and, as they say, practice makes perfect. These recruiters all instilled candidate experience at the heart of every operation and interaction they had, everyday, and have taken the time to educate their colleagues and clients, too.
Do we need more tech talent? Yes. Are we suffering from a tech talent shortage? Possibly. But in this case, the medicine is almost worse than the illness. Rather than do major surgery, take a lot of drugs or radically change our lifestyle, let’s instead look for a more systemic solution.
And any viable solution must start by changing our mindsets and focusing on the things that really matter in recruiting and hiring.
A note from Kathleen:
“My local community recently lost a great recruiter, Jim Hollister. I have known Jim for over a decade of working in the government contracting community. Jim gave and gave of his time. He most recently served as Treasurer of recruitDC and it was an honor to work with him. As what happens with most long term illnesses, medical expenses pile up and we cannot cover them.
Editor’s Note: Thanks to the support of Recruiting Daily, Kathleen Smith’s writing fee will be donated to Jim Hollister’s Crowdrise campaign. We’d like to encourage our readers to join us. MC.
About the Author: As Chief Marketing Officer for ClearedJobs.Net, a veteran owned company,Kathleen Smith spearheads the community-building, and communications outreach initiatives catering to the organization’s many audiences including security cleared job seekers, military personnel, and cleared facilities employers in the defense and intelligence community.
Kathleen has built key relationships with government contracting and recruiting industry leaders as well as agency insiders over the last 10 years in the community.
Building upon her 20+ years of extensive marketing experience and insight, Kathleen brings a passion to creating unique and interesting ways to communicate with niche communities to build brand visibility, heighten awareness and establish viable, authentic relationships with ClearedJobs.Net’s friends, supporters and followers.
Kathleen is a frequent presenter and blogger on the many uses of social media for marketing and recruiting building upon her years of experience navigating different kinds of social media to obtain program success. She was recently elected President of RecruitDC.
Editor’s Note: Recruiting Daily has made a donation to J