Category Archives: Job posting tips

niche job boards value

SHRM Examines The Value of Niche Job Boards

This article originally appeared on SHRM here.

Niche Job Sites Still Valuable as Legacy Boards Fade

By Roy Maurer

Smaller, atypical job boards segmented by industry and region help target relevant talent but require more proactive work from recruiters to be truly effective.

Staffing firm Randstad’s 2016 acquisition of an ailing Monster—one of the original behemoth online job boards—and indications that the sole remaining mega-board CareerBuilder is also for sale have reignited discussions on the recruiting blogosphere about the decline of the model.

“The big job boards are not exactly the darlings of the recruitment industry these days,” said Chris Russell, a recruiting technology and job board consultant with RecTech Media, based in Trumbull, Conn. Russell curates a free database of more than 1,100 job boards.

“Recruiters are balking at their high prices and the many unqualified candidates that they generate.”

But savvy talent acquisition professionals know that not all job boards are waning, and in fact, smaller niche boards that cater to specific regions, membership associations, specialized industries and types of contracts are a valuable tool for recruiters. Examples of niche boards include AllRetailJobs, CollegeRecruiter, JobsInLogistics, Medzilla, GitHub and Minnesotajobs.

“Niche job boards are particularly useful for cutting through the clutter and finding talent for hard-to-fill roles, specialized positions, specific industries—or to tap into unique candidate audiences, such as military veterans,” said Susan Vitale, chief marketing officer at Matawan, N.J.-based recruitment software provider iCIMS.

“Niche boards will always play a part in recruitment advertising,” Russell agreed. “By posting jobs or searching resumes on these sites, the employer has access to a targeted pool of candidates on demand.”

[SHRM members-only how-to guide: How to Target Passive Job Seekers]

But recruiters might be wasting their time if they treat these sites as they would Monster or CareerBuilder. “If you are going to a niche board and throwing up a generic job ad and expecting big results, you’re probably going to be disappointed,” said Jessica Nettleton, recruitment media strategist at end-to-end recruitment services firm Decision Toolbox.

“If recruiters actively source from niche boards and proactively engage with potential candidates, then [the boards] can be a huge value,” she continued. “It’s not a ‘post-and-pray’ situation. You won’t reach the numbers that you would by using a bigger job board, but you will probably reach the right candidates. If recruiters do the work, they will see a ROI [return on investment].”

Quality over Quantity

Recruiters are often frustrated with having to sift through a massive amount of unqualified applicants to find suitable candidates. Niche boards don’t boast the traffic of sites like CareerBuilder and Monster but are more likely to attract candidates with specialized skills and relevant experience, leading to lower cost-to-fill and higher quality-of-hire, according to experts.

Amber Hyatt, SHRM-SCP, director of product marketing for SilkRoad, a talent management system, noted that niche job boards may be a particularly effective way for organizations to snag candidates in high-demand industries, or to help ensure that companies meet their compliance goals regarding diverse candidates and veterans.

A recent survey conducted by iCIMS revealed that military veteran job boards are one of the top sources veterans use when searching for a new position. “Employers should make it a priority to showcase their brand on these types of niche job boards to find and attract best-fit talent,” Vitale said. iCIMS partners with job-distributing engines like JobTarget and eQuest to enable employers to post their jobs on many boards, including niche sites.

“The targeted aspect is the main benefit, whether we are talking about an industry-specific candidate or one where location is a big factor,” Russell said. He added that in his experience, niche sites are more approachable and do more to engage their clients. “One of the big ways they contrast with bigger sites is customer service. When I ran my boards in the 2000s, I knew a lot of my customers by first name and I also met many of them in person.”

attract cybersecurity talent

Looking to Attract Cybersecurity Talent? Enhance Your Covert Ops. Domini Clark to The Staffing Stream

InfoSec Connect founder and cybersecurity recruiting expert Domini Clark shared her tips on how to attract cybersecurity talent in a recent article in The Staffing Stream.

Excerpt from the article:

Cyber-attacks are on the rise, with a 38% jump in security incidents from 2014 to 2015. Companies in all industries are vulnerable, regardless of size – some 43% of attacks target small business. Attacks can cost into the millions for a single data breach, and more than half of these costs are related to lost business due to customer churn.

Since the best approach is prevention, it’s clear that cybersecurity needs to be part of your IT program. Finding the right talent is not so clear. Cybersecurity professionals are a unique group, so you’ll need a recruitment approach that is different from what you’re using with other positions.

A Unique Profile

The best in the trade think like the criminals they oppose, enabling them to anticipate hacker tactics and identify chinks in a system’s armor. Insiders joke that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating under the radar.

Very few post résumés, so you’ll need to leverage your best networking skills and hardcore power searching techniques. Be creative, Sherlock. But don’t email a link — they don’t click on links from unknown sources. Send a PDF with instructions for connecting with you.

Sell, Sell, Sell

Some estimate that half of cybersecurity professionals get a recruitment call at least once a week. If you reach out with a standard list of duties and requirements, your message will wash out among all the other background noise. You have to court talent in all areas, especially with hard-to-fill roles. Don’t think of it as a job posting, think of it as a sales pitch. Instead of focusing on what your company needs, lead with the selling points that will engage your target audience.

In general, cybersecurity professionals want the opportunity to:

  • Take on intriguing work that is varied and unique.
  • Try new tools and techniques to keep up with the ever-evolving threat landscape.
  • Do more than just scratch the surface, including taking some deep dives into systems and code.
  • Work remotely, even if only two or three days a week.
  • Receive recognition and rewards, like the rest of us.

Apply Social Media Liberally

The content doesn’t have to be about job openings. Think of social media as digital pheromones that make your company attractive. Have team members in all disciplines share their ideas and insights. Blogs and tweets help establish your company as a thought leader, enhancing your brand.

But be sure to target the cybersecurity community specifically, including forums and discussion groups. Encourage your existing cybersecurity and IT talent to write blog posts and white papers on the topic. Spray those pheromones where they’ll get the best results.

Stay Loose

With a pool this small, you can’t run an effective search if you focus only on screening people out. Loosen the requirements. For example, since security threats are constantly evolving, a degree probably isn’t as important as current experience. Another tactic: Instead of asking for five to seven years of experience, ask for three to five and highlight the opportunity for career growth.

Hopefully you weren’t expecting fast and easy tips for recruiting cybersecurity talent. You’ll have to invest time and money, but you can think of it as insurance against multi-million dollar losses.

Drawing Underrepresented Groups from the Shadows To Build the Cybersecurity Talent Pool

If you’ve been following this series, it should be clear by now that cybersecurity talent represents one of the biggest needs in IT but also one of the smallest talent pools. In Parts 1 and 2 I shared advice for attracting cybersecurity professionals to fill those right-now needs. Taking a longer term view, the demand will continue to grow, and it is in everyone’s interest to promote growth on the supply side as well.

Women and other underrepresented groups comprise a large, untapped talent pool. According to the National Cybersecurity institute, the U.S. Department of Labor’s 2015 population survey indicates that women hold only 19.7% of cybersecurity jobs, while African Americans, Asian Americans and Latinos combined hold only 12%. Women alone represent more than half of the U.S. population, so the potential numbers are out there.

Adjourn the Good ‘Ol Boys Clubs for Good

Discrimination is only one factor. For example, women continue to choose careers in traditional areas such as education, healthcare and social work. Just the same, lack of diversity can make cybersecurity departments look like good ol’ boys clubs, further discouraging members of underrepresented groups from pursuing careers in this space. Those who do often feel like the “odd stepchild” of a team or department. People in these situations report feeling as though their voice is not heard.

Leaders in the field need to make a point of integrating and welcoming women and other underrepresented groups, ensuring that they are engaged, contributing members of the team. One way to do this is to hire and/or develop members of underrepresented groups into your leadership ranks in IT and, ideally, cybersecurity. “Women at the senior level are beacons for other women,” says Elizabeth Ames, of the Anita Borg Institute for Women in Technology. Undoubtedly this is true for people of color as well.

Proactive Engagement

Another strategy is to implement targeted outreach programs. According to the Wall Street Journal, big banks like J.P. Morgan Chase and Citigroup are getting results by hosting events and programs targeting different groups. Some have even started “re-entry” programs to attract women who took a career break to start families.

Post openings on job boards of associations and magazines like the National Black MBA Association, Ascend Pan-Asian Leaders, National Association of Professional Women, Association of Latino Professionals for America, and others. For entry-level roles, recruit from colleges and universities that have large numbers of students from underrepresented groups.

Diversify Your Employment Brand

Members of underrepresented groups can promote their own interests by getting involved with organizations like the Women in Security special interest group within ISSA, Women in Technology (WIT), Blacks in Technology (BIT), the International Consortium of Minority Cybersecurity Professionals (ICMCP), and others. If your company is serious about attracting diverse talent, you should get involved in organizations like these — establish a reputation for supporting diversity in the cyberspace profession.

According to Sharon Florentine of CIO.com, two other big issues are access to and the cost of training. A one-week class can cost $5,000. However, organizations like Cybrary.it and SANS CyberAces are fighting this by offering free online courses. As I suggested in Part 2, companies can enhance their employment brand by providing training in general — combine that with targeted recruiting, and your company could become recognized for being a trailblazer.

Most commenters on this topic agree that women and underrepresented groups should be encouraged to explore cybersecurity careers at a young age. Melinda Gates, for example, recently launched a new initiative to attract and retain women in tech fields, citing a “leaky pipeline” in education as a key issue. Your company should attend career events at high schools and middle schools, ideally sending employees who represent the target demographics.

This post only scratches the surface of a large and challenging issue. If you have strategies that working for you, please share them, below.

Connect with Domini on LinkedIn.

recruiting cybersecurity professionals

Unclassified at Last: A Field Agent’s Guide To Recruiting Cybersecurity Professionals

This blog series on recruiting cybersecurity professionals kicked off in Part 1 with some sobering facts about the frequency and cost of cyber-attacks in the U.S., underscoring the urgency of recruiting talent in this space. You probably know that demand far outweighs supply. In that post I shared some tips for recruiting cybersecurity professionals, and here I’ll share even more. Then stay tuned for Part 3, where I’ll explore a resource pool with rich promise: women and other groups — more than half the population — are sorely underrepresented in the cyberspace professions.

Invest or Be Hacked

Many executives still clench at the idea of throwing more money at a “cost center” like IT, but the threat of cyber-attacks is very real. The 2016 Ponemon Institute Cost of Data Breach Study recommends treating the cost of data breaches as a permanent cost, and budgeting accordingly. They also claim that the average cost of a single data breach in 2015 was $7 million, across all businesses, small to enterprise. If it saves you $7 million, the ROI on paying a couple of cybersecurity professionals turns this investment from a drainer to a no-brainer.

Keep those unclenching exercises handy, as you’ll also need to be prepared to pay premium. Cybersecurity professionals know what they’re worth, and it’s pretty high in the IT pay bands. The gap between supply and demand is daunting; according to Cisco’s 2014 Annual Security Report, there are between 500,000 to 1 million unfilled cybersecurity positions in the U.S., and that gap is expected to grow. You may be reluctant to pay market value, but if your competitors will pony up, you’ll be stuck on the wrong side of the firewall.

While the purse strings are loose, be sure to include professional development opportunities, such as ongoing training and conference attendance. Not only will it give you an edge in the talent market, but it also will ensure you cybersecurity staff stays current. Threats are constantly evolving and what your people learned last year is already outdated. Can you afford to leave your company’s assets vulnerable?

If you’re still with me after that dose of dire reality, you’ve earned a reward: more tips for recruiting cybersecurity professionals.

Maintain a Robust Presence on Social Media 

This is good general recruiting advice, but be sure some of your efforts target this group. Join cybersecurity forums and discussion groups, for example. Encourage your existing cybersecurity talent and ranking IT leaders to write blog posts and white papers on the topic. This will help enhance your organization’s credibility as an employer of choice among cybersecurity pros.

Loosen the Requirements on Your Search

Tough sell, I know, but focus on the fact that experience is probably more important than a degree. Instead of asking for 5 to 7 years of experience, ask for 3 to 5 and highlight the opportunity for career growth. Conversely, consider hiring right out of school and promote the opportunity to gain hands-on experience alongside your existing resources.

Build for the Future 

Don’t let your urgent needs keep you from looking ahead. This is an ambitious suggestion, but consider offering on-the-job training to turn raw recruits into cybersecurity sleuths. It will be a major investment in your employment brand. Larger corporations, for example, can implement internal training programs that develop cybersecurity professionals from interns, while smaller companies can use outsourced training.

You can try retraining existing IT staff, but keep in mind that success in cybersecurity takes a certain mindset. Ideally you have a System Administrator who can channel her inner hacker and ask, “What would I do if I wanted to get past these security measures?”

In the final installment I’ll continue in the big picture, forward-thinking vein, and explore ways to draw more women and other underrepresented groups into the profession.

Connect with Domini on LinkedIn.

Engaging Cybersecurity Talent

Undercover Recruiting: Tips for Engaging Cybersecurity Talent

It can be easy to think of cyber-attacks as something that only happens to other companies. Unfortunately, a more realistic view is not whether it will happen, but when it will happen to your organization. Cyber-attacks are on the rise. PwC’s Global State of Information Security Survey 2016 stated that, across all industries, there were 38% more security incidents in 2015 than in 2014.

It doesn’t just happen to giant corporations like Yahoo!, Sony and T-Mobile. SmallBizTrends.com claims that 43% of attacks on businesses target small business. Large or small, it can cost you plenty. The average total cost of a single data breach was $7 million — up from $5.4 million in 2013 — according to the 2016 Ponemon Cost of Data Breach Study. More than half of these costs are related to lost business due to customer churn.

The best approach to cyber security is to prevent the hacks, attacks and breaches. However, as you probably are aware, there simply aren’t enough talented IT security professionals available to do this work. In the first two parts of this three-part blog I’ll provide some tips for optimizing your efforts to recruit cybersecurity talent right now, as well as some longer-term suggestions for attracting more people to this field. In part three I’ll explore some ways of promoting inclusion and integration of including women and other underrepresented groups — well over half the working population — into the profession.

Making Contact: “I’ll Be the One with the Red Carnation”

The best cybersecurity professionals think like criminals. The joke in the industry is that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. They know better than to have a high-profile online presence. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating in “stealth mode.”

You won’t find their résumé on CareerBuilder or LinkedIn, so you’ll need to leverage your best networking skills and hardcore power searching techniques. If your quarry thinks like a criminal, you have to think like Sherlock Holmes to track them down. Don’t email them a link to apply — they won’t click on a link from an unknown source (and neither should you). Send them a PDF with instructions for connecting with you.

They’ve Heard it All Before

The demand for these professionals means that they are constantly hearing from recruiters. InformationWeek’s DarkReading.com cites new research by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) indicating that about half of cybersecurity professionals are contacted by a recruiter at least once a week. If you post a standard HR job description of duties and requirements, it will wash out among all the other background noise.

In today’s talent market you have to court talent, and that is triply true of cybersecurity professionals. Don’t think of it as a job posting, think of it as a sales pitch. Resist the ingrained habit of listing what your company needs, and focus instead on what will engage the interest of your target audience.

What They Want and When They Want It

Your pitch should appeal to this group’s common hot buttons:

  • They want to do intriguing work that is varied and unique — let them use their devious creativity to your company’s advantage.
  • They want to try new tools and techniques to keep up with the ever-evolving threat landscape. If you’ve got the coolest technology, your pitch should highlight that.
  • They want to do more than just scratch the surface . . . offer them opportunities not only to look under the hood, but also to take some deep dives into your systems and code.
  • They want the option to work remotely. Your organization may cling to traditional models, but if virtual options give you an edge in the talent war, it’s time to loosen up.
  • They want to know that the organization appreciates and values their contribution — like other employee in your company. If you don’t have a proactive recognition and rewards program in place, now’s the time.

In Part Two I’ll share more recruitment tactics and strategies, as well as some ideas about building a longer-term talent pipeline, including attracting more women and underrepresented groups to the cybersecurity profession.

Connect with Domini on LinkedIn.

hiring in information security

Hiring in information security

In this tough information security market, many organizations make the mistake of approaching talent the same way they approach all other organizational hiring. The truth is, you can’t hire quality information security talent the same way you hire customer service reps. If you just run an ad pulled from the job description HR gave you, don’t be surprised when the top talent you’re searching for is not interested.

Continue reading Hiring in information security

niche job boards

Niche Job Boards: The Power of Precision

Why should you consider using niche job boards for your sourcing strategy? The truth is that there are a lot of tools out there to bring employers and candidates together. Many promise the newest and greatest, but the formula is really very simple. At the end of the day, you must communicate who you are and what you want to a receptive audience. You can scream from the rooftops about the greatest snow boots in town, but if you choose a rooftop in Miami you wont be taken seriously. Continue reading Niche Job Boards: The Power of Precision