
Common Mistakes in Cyber Security Hiring

  • Publish Date: Posted over 4 years ago

Hey, we all make mistakes, right? We are all human after all… unless your name is Sophia (the first humanoid) and you struggle to make eye contact.

If you are running a tight ship and need that ideal professional to add value to the already amazing team you have been shaping over several months, there are a few key things to remember when going through the hiring process.

Hopefully these tips from the Cyber Security Recruitment industry leaders will help you sidestep some common mistakes and save you time.

Let’s focus on 2 points and dive into some “Mistakes” within each:

  • Make sure the specification is well defined (Do you know what you are looking for?).

  • Ensure the hiring process is streamlined (Hiring process and is it working?).

1) Do you know what you're looking for?

So many times, recruiters and professionals finding job specifications online say the same thing: “this is generic”. My main suggestion to clients is to sit together and draft up a specification that doesn’t read like a to-do list. Nothing hurts more than reading those bullet points. Rather, get a Team member (someone who has performed that exact role), a Manager, the Director and HR in one room and talk about the problem that you as a business/team are looking to solve.

Right, now that we understand that – let’s start writing a nice story about the role this person will fulfil, essentially being the person to solve this problem. Ok, fine, some bigger firms have non-negotiable requirements like Education and Certifications on certain Software, let’s add that, but surely most individuals can be trained or upskilled. My best advice when drafting a job brief is to rather omit the soft skills and add the reasons why someone should join your team. Sell it! We have a canteen with Free lunch for all employees, we have an extra leave benefit, child care on site, full medical/insurance plans. I will openly say this for everyone around the globe, these are more attractive to read than “needs 3-5 years in similar role”. Please someone just hold a gun to my head.

2) Hiring process and is it working?

Ok, let’s start by first understanding what methods you have already used to get the job done. Let’s go through the motions: internal applications, referrals from current employees, external adverts, then utilizing that PSL or Agency you trust.

Generally, whatever stage you are at or whichever method is currently working, you should NEVER have a 5-stage interview process. If you are taking longer than 2 weeks to start the process and thereafter release a signed offer, then you have bigger problems than attracting talent. You are losing them to your competitors who have sharpened their pencils and got their hiring process streamlined.

I’m not saying you cannot have the candidate meet the HR, Technical Lead, Peer, Supervisor, Director and CEO. But get it wrapped neatly into a two-part process.

  • First stage interview – Technical Lead/Peer/Supervisor and HR (Panel)
  • Second stage – Director / CEO (Remote Webex)

Notice that I tagged the second stage as a Webex or Zoom virtual meeting. This is because more C-Suite or Senior Execs are “too” busy to take part in an interview. If this is the case, then they should not be part of the hiring process. If they are adamant about having a say or giving the final nod, then they need to find time, and the easiest and most flexible option is an online meeting or telephone call.

Let’s get into the Interview itself – Failure to prepare is preparing to Fail. It is the HRBP’s role to ensure that each Panel member is fully aware of the Prospective Employee (Candidate) who is taking time out of their day to come and interview to join your team. Remember, one key part is that the Candidate is also interviewing your panel to see if he/she can work with this team. Interviewing is not a stress-free process for a Candidate, and generally they prepare themselves by reviewing the company website, getting familiar with the product and reviewing the panel’s LinkedIn profiles. So why are you not doing the same?

I once cringed when I had a professional call me after the interview and say the Director literally started the interview with, “Hi XXX, So, tell me about yourself and what you do, because I just received your resume 3 minutes ago”. Let’s just say no matter how well that “Interview” went, he had a very negative outlook on how they do things, prepare and execute. It does not look Professional.

Tagging onto being streamlined, you should be giving prompt feedback within 48 hours to all candidates, be it success or not. Remember, most of the time we work in a small community of people with those skill sets and, guess what, they talk. That interview is a marketing tool / platform for your organisation whether you have taken it into account or not.

And speaking of marketing tools, the social media side of actively hiring can work negatively for your brand. To use an example, I have seen several Directors or Managers tagged “I’m Hiring” next to their name on LI. Most do this in the hopes of the ideal candidate initiating an engagement, and big plus if we hire someone that is a fit and the cost is minimal.

However, the actual reality behind this is you have openly invited every Recruiter to now contact you, so you are bogged down by those torpedo emails. Secondly, you have every unqualified punter trying to push their CV over to you to please review.

To the professionals that generally get headhunted for roles, they will see that “Tagline” as either you cannot retain your staff, hence you are always looking, or you don’t really know what you are looking for, so it’s open season and let’s see what we get. Desperation is not a good colour on anyone, and even if that was not what you were aiming for or trying to portray, it comes across that way.

Remove it NOW! Playing HARD to get can work in many SOCIAL environments. Pretty sure it’s called SOCIAL media.


Always remember throughout the hiring process the famous statement/quote:

Two Ears, One mouth.

Try to listen more than talk as a Potential employer – the candidate should be quite clear on what they are attempting to successfully be employed for; it’s your role to successfully understand their skills by asking qualifying questions to understand if they are the BEST suitable SKILLED individual to be a VALUE ADD to your business. I will be releasing another article about Skills Vs Culture, so keep following Xcede's Cyber Security team and my profile to stay ahead of the game.