Addressing Cybersecurity Hiring Challenges: Insights from Leidos

Finding and retaining qualified cybersecurity talent is a significant challenge for many organizations. A recent case study by SANS and GIAC, in collaboration with Leidos, a leading information technology engineering firm, provides an in-depth look at the hiring challenges and solutions from an HR perspective. The Leidos case study, detailed in the 2024 SANS | GIAC Cyber Workforce Research Report, highlights the innovative approaches Leidos is taking to overcome these obstacles.

Challenges

As a major federal contractor, Leidos consistently faces a high demand for entry-level cybersecurity talent. However, securing the necessary government clearances for these roles remains a challenge, requiring substantial investment. The demand for mid-to-high-level cybersecurity experts who are already security-cleared is even more intense, resulting in a scarcity of talent across both federal and private sectors.

Another major hurdle is the often lengthy and unclear job descriptions that fail to highlight essential requirements. These descriptions can deter potential candidates, particularly those with the necessary skills and aptitude, who may be discouraged by the perception that they need to meet all the listed requirements. This discrepancy can lead to a reduced pool of applicants, exacerbating the hiring challenge.

Solutions

To address these challenges, Leidos has implemented several innovative strategies aimed at improving recruitment and retention processes:

1. Collaboration with Business Leaders: Leidos works closely with business leaders to provide insights into filling cybersecurity roles, sharing industry best practices, labor data, and successful hiring models. They also engage with customers to support industry best practices in addressing hiring constraints.
2. Flexibility in Recruiting: Leidos emphasizes the technological competence of young professionals, advocating for flexibility in recruiting. This involves trusting the potential of young professionals and providing them with the necessary training to bridge any skill gaps.
3. Enhanced Job Descriptions: Leidos promotes more robust job descriptions that clearly outline must-have requirements for cybersecurity and technical managers. They leverage the NIST NICE Framework as a common language for cyber skills, integrating these skills into standardized job descriptions to create a more streamlined and inclusive hiring process.
4. Degree Equivalency Matrix: To widen the candidate pool, Leidos is developing a degree equivalency matrix that substitutes certifications, skills, training, or experience for a four-year college degree. This initiative aims to open cybersecurity roles to individuals with the right potential and skills, even if they did not follow a traditional education path.
5. Skills-Based Hiring Approach: Leidos focuses on candidates who meet 80% of the requirements and provides learning and development opportunities to fill the skills gap. This approach includes internships, training, mentoring, and intentional career development conversations, emphasizing the need for cybersecurity managers to invest in their employees' growth and career planning.

Building a Stronger Cybersecurity Talent Pipeline

Leidos' innovative approach to cybersecurity hiring offers valuable insights for organizations facing similar challenges. By collaborating with business leaders, enhancing job descriptions, and adopting a flexible, skills-based hiring approach, Leidos is not only addressing the current talent scarcity but also setting a precedent for the industry. The emphasis on training, mentoring, and career development underscores the importance of investing in the growth of cybersecurity professionals, ensuring a robust and resilient cybersecurity workforce for the future.

More Insight into Cyber Workforce Trends and Challenges

The 2024 SANS | GIAC Cyber Workforce Report includes six unique case studies from top cybersecurity leaders from leading organizations across the US. In addition, the report paints a full picture of the challenges and opportunities for building cybersecurity teams that are backed by successful hiring and development practices. To read the report in full, download it now.