Australia’s unemployment rate could sink below 4 per cent this year, and fall further to 3.75 per cent by the end of 2023, the nation’s Reserve Bank forecast in February. If reached, that would be the lowest jobless rate in Australia in nearly 50 years. AISA communications manager Nick Moore asked cyber security recruiters, including Jim Morris from Synchro Partners, what this would mean for hiring and retaining staff in the already challenging infosec industry.
If Australia’s unemployment rate falls below 4%, how will that affect staff retention in cyber security?
Jim Morris: “With unemployment rates forecasted to fall below 4 per cent, this amplifies an already apparent short supply of accessible talent in the market and intensifies competition amongst employers, with the possibility of your staff being tempted to greener pastures.
New projects, new technologies and career growth opportunities arise every day so it is evitable that the ‘musical chairs’ in the cyber security marketplace will continue.
This is the nature of the beast as seen in the competitive market pre-GFC (Global Financial Crisis).”
If it falls below 4%, how will it affect recruitment?
Jim Morris: “Prospective, available candidates are already in low-supply, whether you are the local burger shop or a national cyber security firm. That is the brutal truth.
A key difference is, however, cyber security is a relatively niche, specialist area, with an already limited talent pool of available candidates. Couple that with the requirement for candidates in our sector to frequently upskill to keep up with constant changes and we’ve got a recipe for a different level of skills shortage.
Employers will face multiple challenges and obstacles when recruiting new staff – increased competition for talent, less overall supply and changes in candidate/jobseeker behaviour and expectations.
Now is a critical time for employers to review their value proposition to potential recruits out in the marketplace. What can you offer that the competitors in your segment can’t?
In my recent experience securing candidates within areas such as cloud security, penetration testing, incident response/threat intelligence or niche GRC (governance, risk and compliance) areas (IRAP, ISM, PCI) has become increasingly difficult for employers because of the market conditions.”
What advice would you give employers around staff retention? Is it possible to offer too many inducements?
Jim Morris: “First take a step back and really understand what you currently offer and how it stacks up against your competitors. Then look at adding extra value from there.
As a cyber security professional, continually developing their skills is the only way to keep up with the pace and demand of the market. What new skills are you offering your staff? What kind of programs can you offer them to be working on?
These are the key areas staff will consider against other options if they develop a ‘wandering eye’ for new opportunities as they are tangible ‘value adds’ for careers.
It can be easy to get swept up in the price/wage wars, having pinball machines, table tennis tables and fully stocked beer fridges but getting the real, measurable value propositions by way of professional development opportunities is a fundamental starting point for employers.”
What advice can you give around sourcing and hiring staff in this increasingly competitive jobs market?
Jim Morris: “Look inwards first. Have you really looked at which individuals within your organisation have the potential (and willingness) to upskill in order to fill your capability gap? Oftentimes I see clients quick to skip this step, missing real opportunities to find the capability readily available in house, and an opportunity to positively affect retention rates.
Be pragmatic about your list of requirements. Be realistic about what’s readily available out in the market. Does that candidate really exist and can you secure them within your target timeframe? If the answer is not an unequivocal yes, it’s likely time to consider where you can replace hard requirements with opportunities for prospective candidates with relevant experience to develop and upskill.
Moving fast is critical in the current market. Assess your current recruitment process, identify the bottlenecks and where the opportunities to streamline are. Much more often than not, this does not have to compromise the thoroughness of your process.
Candidates are not on the market for long and are often presented with multiple opportunities and offers at any given time.
Know your competition. What is your competition doing and offering and how does your organisation offer a compelling option as a comparison? This could be around a number of different factors – remuneration, professional development opportunities, flexible work arrangements and company culture. You need to know how you’re positioned against competing organisations to help target and secure the right candidate audience.”
Is it better to leave a position vacant than hire a substandard candidate? What strategies can employers deploy to cover for vacancies?
Jim Morris: “Look inwards first. Before going to market, which individuals in the business could redeploy into this role? Sometimes the answer lies within. Is this another opportunity to allow a team member to upskills? This can only have positive effects on your retention rates.
Consider a contingent workforce. A contractor resource has been a viable solution within our industry for years, often in a full-time capacity. Though, the working world is evolving, with the ‘Gig Economy’ seeing a noticeable boom in recent years. Many candidates in the cyber security space have started to engage with clients either on a part-time, ad-hoc or advisory capacity.”
This article was originally published as How Record-low Jobless Rate will Impact Cyber Security Hiring, Retention by the Australian Information Security Association (AISA). This abridged version is published with kind permission of the author.
Jim has over eight years’ experience recruiting in the Cyber Security sector across the UK and Melbourne, and is passionate about contributing to uplifting cyber security capability in Australia. He takes pride in his ability to find and build long lasting relationships with hard-to-find, niche talent in his sector. Jim is an active member of the cyber security community, frequently undertaking guest speaking roles at industry events and guest lecturing at various universities.