How to Draw and Retain Top Talent in Cyber Security

Rethinking your recruitment practices to attract and retain a more diverse workforce is the key to plugging cyber job gaps.

Simon Eyre, CISO, Drawbridge

September 13, 2022

As cyber criminals’ tactics become more sophisticated, high-impact strategies to reduce the threat to your organization are vital. With 39% of businesses experiencing an attack within a year, hiring professionals who can mitigate the risk from within has never been more pressing.

Cyber security experts are more in demand than ever. In the UK alone, there are estimated to be between 100,000 and 150,000 unfilled cyber security positions currently. And despite government efforts, a national cyber skills survey found that half (51%) of all private sector businesses in the UK have identified a shortage of basic technical cybersecurity skills.

For a job function that barely existed a decade or two ago, skilled cybersecurity professionals are now in a position where they can call the shots. So how do you attract the best?

If you as an employer are offering good salary packages, working conditions, and compelling career progression opportunities, what more can you do to attract these professionals and protect your business from a growing threat? Here are three suggestions:

1. Target early

Global student news site Stunited has recently listed cyber security among the top six most in-demand jobs in the UK. Consider recruiting practices that attract early-stage applicants. Explore in-person and virtual events to connect with students, and invest in online and offline marketing strategies to target them at a stage when they are still considering the plethora of options for their future.

2. Diversify your target audience

In the UK, 85% of cyber security practitioners are white, and 64% are male. It’s therefore important to widen the net to attract a pool of applicants from underrepresented groups. There are numerous benefits to having a diverse workforce. A 2017 Boston Consulting Group (BCG) study identified diversity as a key driver of innovation, finding that diverse teams produce 19% more revenue. Diversity also brings differences in ways of thinking and experience, and has been credited with increases in productivity and a reduction in staff turnover.

3. Review your recruitment processes

Before you introduce policies to increase diversity, you need to know who is currently applying. Gather data on applicants to establish if you need to take proactive steps to attract specific groups – you can’t make rational business decisions without data.

Analyze job descriptions to eliminate bias so you aren’t deterring anyone. Review the language -- are you unconsciously drafting job advertisements and application forms with a white male in mind?

Consider a post-application survey so you can establish what is appealing to recruits and what might cause them to drop out. You’ll be surprised how many people want to share their feedback because a negative job application process can deter an applicant for good, and you could be missing out on the best talent through ignorance. We implemented an Applicant Tracking System to understand the sources our candidates are coming from, see how diverse the candidate pool is (or not), and improve the candidate experience by being able to track how their process progresses and ends.


Once you’ve got these cyber professionals on board, you need to keep them. In an increasingly competitive environment, you want to ensure they are committed, and won’t be tempted by other companies offering something apparently better. But how will you know this? These two approaches may help:

1. Introduce regular feedback

Introducing continuous feedback is vital. Firstly, taking time to listen demonstrates recognition of psychological safety and helps employees feel empowered. Holding sessions regularly provides a chance to share any concerns early so they can be addressed before they escalate. If you only have a standard annual performance review, you may lose that team member before they have an opportunity to air their grievances.

2. Ensure an open culture

Ensure feedback processes promote a culture of openness and authenticity. If the employee feels uncomfortable, the entire exercise serves no purpose. Perhaps it is establishing an informal coffee outside of the office, rather than an intimidating formal meeting. Offer an objective ear -- perhaps the team member doesn’t want to share their concerns with their line manager but will be more open and honest with someone they don’t directly work with.

The day-to-day work environment should also promote a culture of openness and idea-sharing. The best cyber professionals tend to be inquisitive and eager to learn so giving them the chance to evaluate or work on new projects to ‘feed’ this natural curiosity will help them feel valued and fulfilled.

The Journey

At our company, we’re on an ongoing and evolving journey in terms of diversity and inclusion but are already seeing an impact when it comes to filling cyber roles.

Since we introduced HR policies including refining job descriptions and widening our candidate search, we’ve seen an increase in underrepresented groups applying, and are seeing improved efficiency amongst hiring managers as a result of finessing our procedures.

We see diversity and inclusion as a learning journey, but we’re on the right track. In the fight for the best cyber professionals, the companies that demonstrate an open mind and objectivity, as well as proactive steps to reach and appeal to a diverse pool, are the ones that will be rewarded.

About the Author(s)

Simon Eyre

CISO, Drawbridge

Simon Eyre is Managing Director and Head of Europe, leading Drawbridge’s engineering, product, and customer engagement teams across Europe.

Simon brings more than 20 years of deep expertise in the financial services sector as well as IT governance, technology architecture, cybersecurity, and corporate strategy experience to Drawbridge. He most recently served as Director of Information Security at Edge Technology Group and was responsible for cybersecurity for both Edge and its clients. Previously he held multiple senior management roles at Eze Castle Integration, ultimately serving as Director of Service, where he oversaw all IT engineering, client relations and project management throughout London.

Simon is a graduate of Rutgers and NJIT Universities with a degree in Electrical Engineering. He holds a CISSP certification.
