It wasn’t long ago that when a job vacancy came up, you placed an ad in a newspaper or industry magazine, received a bunch of résumés, interviewed the best candidates, and hired someone—all within a few weeks. These days, it is not so simple.
Job sites and job apps are everywhere. Far from making things easier, all this help has made the hiring scene more complex. LinkedIn and other forums have turned into headhunting heaven. Instead of helping IT find talent, they are often the culprits that lure key personnel toward potentially better or higher paying opportunities.
Add in the Great Resignation and historically low unemployment, and it’s tough for managed services providers (MSPs) and managed security service providers (MSSPs) to find the talent they need to maintain service-level agreements (SLAs) and meet increasingly complex client demands. That’s leading to high levels of dissatisfaction among MSP clients, making hiring amid a skills shortage a critically important issue for MSPs and MSSPs.
Understanding the IT Jobs Market
According to the Skillsoft IT Skills and Salary Report 2021, more than three quarters of IT decision-makers are dealing with key skills gaps. This is up 145% compared to five years before. There just aren’t that many unemployed IT specialists around, which means that potential recruits can pick and choose employers based on salary, benefits, location preferences, and more.
Within the IT field, the situation in cybersecurity is even worse. Based on the InfoSec IT and Security Pipeline survey, 92% of respondents voiced major problems in filling open positions. The situation has deteriorated further in the first few months of 2022.
Another survey of cybersecurity professionals by Enterprise Strategy Group (ESG) found that 95% have seen no improvement in the skills gap over the past few years. And half think the skills gap is widening.
Top Positions are in the Highest Demand
Every IT position is likely to be difficult to fill. But IT and security executive positions and those with sought-after certifications face the stiffest competition. For many organizations, the price of entry into this rarified market may be too high.
According to Paul Horn, founder & CEO of H2Cyber, the average salary of a chief information security officer (CISO) in the U.S. is $273,030. That is certainly beyond the means of many companies. Most other C-level positions in IT command hefty salaries, too. For instance, the average chief information officer (CIO) pay in the U.S. is around $170,000.
This makes searching for qualified individuals to fill these roles even more challenging, as the cost of hiring is steep, but failure to meet these rates could mean losing top talent to competitors.
Top Certifications Mean Top Dollars
Not everyone, though, is looking for a CISO, CTO, CIO, or experienced IT manager. Many seek trained technologists such as developers, risk managers, storage administrators, networking engineers, security managers, security directors, security engineers, network analysts, or cloud architects.
It was once the norm to ask for certain IT certifications as a key qualification for these positions. But the competition to hire holders of top certificates is so intense that few can afford them. Those offering a modest salary will either have to scale down their requirements in terms of experience and qualifications or pay more.
The annual Top Paying IT Certifications list from Global Knowledge laid out the hottest certifications in terms of pay rate, with each commanding around $150,000 a year:
- Google Certified Data Engineer
- Google Certified Professional Cloud Architect
- Amazon Web Services (AWS) Certified Solutions Architect—Associate
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
If there is a golden ticket to higher pay in IT, these certifications are it. Holders of any of these certificates will find themselves being offered all sorts of lucrative moves. Giants like Google and AWS, though, tend to hire many of these individuals.
Grow Your Own Talent
Facing such unprecedented levels of competition on the hiring front, what are MSPs and MSSPs to do?
With everyone competing for the top 10% of IT and cybersecurity resources, a smart approach is to find what you need among the remaining 90%. Instead of paying a quarter of a million for a CISO with a fancy certificate and lots of experience, set the bar at the mid-range; find someone exceptional and groom them into being an IT superstar.
Moreover, there are likely to be good specialists with career aspirations and plenty of raw talent within your current personnel. They just need more training and apprenticing to rise higher in the ranks.
Done well, this can even become a reason why good young talent comes to you. They notice that a great many of your recruits are transformed into some of the leading lights of IT and cybersecurity. They want to come to you as they know they will learn the trade and stand a good chance of a more lucrative offer.
This may seem to some like a recipe for trouble. Why train them only to lose them? For one thing, you will retain many. A good number will also want to return if they have a bad experience at their dream job. And you will gain a steady pipeline of eager young applicants that are happy to spend a few years with you and work hard. It’s infinitely better than lacking the IT talent to keep your clients happy.
Hire Entry-Level People and Train Them
Another feasible tactic involves finding people who can be trained to do skilled jobs and offer them that training as part of the salary package. It can even work with entry-level personnel. Hire them for the same or a little more than the going market rate. The lure of training may tip the balance in your favor if they have multiple offers.
And if your company lacks qualified individuals who can personally train these recruits, then you can choose from the many, and sometimes free, training options available out there. Some examples on the cybersecurity side include:
- Microsoft Certified: Security Operations Analyst Associate
- SEC560: Network Penetration Testing and Ethical Hacking by SANS Institute
- InfoSec Skills
Further, useful skills can be learned from certifications, such as the Data Governance Certification and Data Literacy Master Class available from DataManagementU; Certified Data Recovery Professional from IACRB; and the Infosec Data Recovery training course. These represent just a sampling.
There are also a great many independent certifications that offer skills related to areas of technology as opposed to training built around specific vendor platforms. Vendor-focused training should also be included. Oracle, Cisco, IBM, SAS, Google, Amazon, Microsoft, and others offer plenty of training options, many of which are free or low-cost.
Beyond pressing internal needs, a good way to gauge the skills to train personnel on is to pay attention to Foote Partners’ IT Skills and Certifications Pay Index. It lists the skills in highest demand.
In it, cybersecurity, threat intelligence, DevSecOps, identity and access management, security testing, management of a security infrastructure, security architecture, and encryption are top categories. Further IT skills that are rated highly by Foote Partners are data warehousing, business intelligence (BI), enterprise resource planning (ERP), and web applications.
“These IT skills are among those earning the highest pay premiums,” said David Foote, an analyst at Foote Partners. “Risk analytics exploits internal and external structured and unstructured data to model scenarios and outcomes, providing insights into areas such as fraud risk, market risk, IT risk, and financial risk.
“The resulting insights provide an organization with a plethora of benefits to security, operational continuity, and competitive advantage.”
Older Workers and Retirees
Another way to gain skilled IT personnel is to tempt older individuals into rejoining the IT field with attractive schedules or even part-time positions.
Around three million people a year have retired since 2005. And with the Baby Boomer generation retiring in waves during 2022, you may well find someone willing to stay around longer than younger workers would.
“The pandemic led to a huge number of Americans choosing to retire early,” said Tom Strong, director of employer activation at National Fund for Workforce Solutions. “Corporate executives need to examine the value proposition they are offering to current and prospective workers, and that includes thinking about workers over 50, who are likely underutilized at this time.”
In some MSPs, though, hiring bias may be getting in the way. Recruiters are often young and may unconsciously be ignoring older applicants. Applicant filtering systems, too, sometimes eliminate people beyond a particular age as well as those who have gaps in their employment history or lack very specific skills.
“The technology being used to screen and filter candidates may be skipping over those who may be well-suited for employment,” said Greg Schulz, an analyst with Server and StorageIO Group. “Many great candidates may be slipping through the cracks due to how the selection process is defined.”
Look for Diversity
Much has been written about the male-dominated IT culture, so another way to attract talent is to become known as a place that values diversity. Look to expand the representation of women in IT, and look to hire and develop those from other underrepresented groups too. Many community colleges have strong IT programs in addition to a more diverse student body than four-year colleges. Internships can be another area where you can create opportunity while developing talent early.
Partner with Schools and Programs
By the time people graduate high school, community college, or university, their minds may already have been made up about their preferred place of employment. It may be advisable, therefore, to enter the hiring pipeline earlier by partnering with a variety of academic institutions, offering career days, internships, hiring opportunities, and perhaps even some career training in IT.
Partnering with local academic institutions and other entities such as technical schools and certificate programs is strongly suggested. When a company forms a connection early with emerging graduates, many of them will gravitate to the company that took an early interest in them.
Get Used to Departures
A couple of generations back, someone would join IBM fresh out of college and remain there through an entire career. Those days are long gone. Most people stick around at one job for only a short period. The average job tenure in the U.S. is 4.1 years, according to the Bureau of Labor Statistics. It is even shorter at financial services firm Citi.
“We’re going from older generations that joined the company out of college and spent their career with us, to younger generations spending 2.8 years on average and moving on,” said Andrea Legnani, director of global head of alumni relations at Citi. “But, as much as they’re more willing to leave, they’re also more willing to return.”
About 10% of the Citi employee base are people who left and then returned. That amounts to 20,000 out of 200,000 total employees.
IT, then, could also get smarter when it comes to offboarding of personnel. With IT headhunting being so virulent, it is inevitable that you will lose many personnel. But a big trend is that many leave only to find that the old job was a much better environment than the new one. The pay may have been better at the new place, but the people around them weren’t exactly welcoming—or the stress level was too much to bear.
An academic study, Turn Departing Employees into Loyal Alumni, discovered that offboarding errors seriously hurt organizational brand image and lengthened the time it took to fill jobs. As many as 80% of departees expressed willingness to return, and as many as 20% of open jobs tend to be filled by alumni on average. The report also found that alumni hires fill jobs 50% faster with a 73% reduction in time to productivity.
“A well-managed offboarding process can turn employees into loyal alumni who become customers, suppliers, boomerang employees, mentors to current workers, and ambassadors for the firm,” said Erin E. Makarius, an associate professor at University of Akron and one of the authors of the report.
Therefore, smart offboarding practices would include preparing for departures well in advance, recognizing people’s contributions when they leave, conducting thoughtful exit interviews, providing tailored support for the transition, and creating formal programs to keep alumni connected to the organization.
“There is real value in maintaining a connection to former employees, whether for recruiting, referrals, sales, business development, or as brand advocates,” said James Sinclair, CEO at EnterpriseAlumni. “With employers investing so much in the success of their employees, why stop at the moment of leaving and shut the door?”
The offboarding process, then, should be used to instill continuing loyalty and maintain a connection. Ways to achieve this include offering mentoring, learning opportunities, networking, social support, partnerships, and referrals.
Become a Top Place to Work
The higher up the pay scale you rise, the more you tend to encounter a competitive or even dog-eat-dog mentality. This can also carry over into the businesses that pay IT and cybersecurity staff the highest wages. They don’t often come up as top places to work in terms of employee welfare. Another way to attract talent, then, is to set up a work culture that manages to combine high productivity with a good employee experience (EX). This is an area where IT has traditionally excelled.
“Only 24% of information workers strongly agree that their manager is concerned about the welfare of the people who work for him or her,” said James McQuivey, an analyst at Forrester Research.
Those companies that make IT the place to be will find recruitment much easier. Actions to take include providing staff the technology and equipment they need to do their jobs well. Positive reviews by employees on sites like Glassdoor can make your company a sought-after place to work.
With top positions being so hard to fill, those organizations that can’t find or afford one have an alternative—pay for a virtual executive. Several options are available. Virtual chief information security officer (vCISO) services are available from a number of providers including H2Cyber, Thrive, VARS, and Cynomi. These cybersecurity executive management firms offer the services of highly skilled and experienced teams on a retainer basis.
“A vCISO allows organizations to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Horn.
Pick Your Battles
There are some areas where the talent squeeze is so tight that it is better to admit defeat than to go on month after month with vital positions remaining unfilled. If the salaries being demanded are too high or you can never find the right applicant, search for an outside provider or partner to take over that function. Fight your hiring battles where you can win them.