By Justin Armstrong
Chair, EHRA Privacy & Security Workgroup

It’s not news that, from the front line security analyst to the CISO level, there’s a shortage of skilled healthcare cybersecurity staff.  

Thankfully, interest in cybersecurity has never been greater! There is a career in cybersecurity to fit every personality, temperament, and level of technical acumen. Some positions require intense focus and deep technical knowledge, while others require interpersonal skills.

How can you find talent in such a tight market? There are several good avenues.

Hiring from within your organization

Have you looked at your current staff? 

A week doesn’t go by without someone asking me, “are there openings in your group? I would love to do cybersecurity.” Each person has a niche they can fill. Some have great project management skills, which are very necessary to achieve a certification such as HITRUST or ISO 27001. Others are developers who understand best practices for coding secure applications, even digging deeply into cryptography and other difficult technical areas. Some staff are more oriented towards customer service and PC help desk type work. Each can fill a vital role in an organization’s cybersecurity strategy.

A week doesn’t go by without someone asking me, “are there openings in your group? I would love to do cybersecurity.”

Hiring from local cybersecurity education programs

Finding the right fit from someone off the street can be difficult unless you have the resources for targeted advertising and careful vetting. 

However, there are an increasing number of cybersecurity programs and certificates being offered at colleges and universities. Learn about programs being offered in your area, then reach out to the academic world to find out how you can get involved. Perhaps you can offer a co-op job or internship?

You can certainly attend local cybersecurity events and make contact with students who will soon be in the job market. Find out what their interests are and what they look for in a job. Then, tailor your job openings to be attractive to those just starting out in their cybersecurity career. Offer perks such as reimbursement for classes, certificates, conferences, and other learning opportunities. Offer to help them attain a key certification, such as CISSP, CEH, HCISPP, or one of the myriad of hands-on GIAC certifications.

Tailor your job openings to be attractive to those just starting out in their cybersecurity career.

Another good avenue to meet potential candidates is local cybersecurity events; in my experience ISSA (Information Systems Security Association), (ISC)2, and InfraGard have excellent local events. At every ISSA chapter meeting I’ve attended they ask, “is anyone looking to fill a position?” and, “is anyone looking for work?” More than one match has come out of this! 

Now more than ever, what is needed is not a silver bullet technology, but skilled cybersecurity staff. It will require effort, but enjoy the journey! Cybersecurity is a fun and interesting world, and your efforts to find great staff will be rewarded.