Most experienced technical professionals will likely tell you they are contacted by recruiters more than once a month if not once per day if they have a LinkedIn profile or ever entered their resume somewhere online. Recruiters and hiring managers have contacted me on LinkedIn, via email, and phone. Many statistics show how difficult it is to find and hire cloud and security professionals in this competitive landscape. So what can companies and recruiters do to find and recruit top talent? I have a few tips.
Let me start by saying, I love recruiters. One Friday afternoon, when I was not being treated especially well at work, I went through my contact list and sent an email to a whole bunch of recruiters I knew. I had a job by the next Monday. The market is competitive right now, but I experienced the dot-com bubble and subsequent dot-bomb back in the year 2000. Hard to come by technical professionals turned into 500 people applying for the same sys-admin job at Microsoft. Stay on good terms with your recruiters and hiring managers so you’ll be at the top of that pile.
On the other hand, many technical people complain about or get annoyed by recruiters, hiring managers, and head-hunters for a reason. Here are some tips to stay on your techie’s good side.
Stop spamming. Technical people are likely to get even more annoyed by spam than the average human, in my experience. Guessing someone’s email is unprofessional and likely to get you reported as spammer faster than it will get you a job candidate. A lot of technical people have stopped answering their phone due to the amount of recruiter and vendor phone spam. It is overwhelming. Please stop.
Do your homework. If you must contact someone via a cold call, or if the candidate contacts you about a potential job, do your homework. Don’t propose a DevOps role to a Vice President of Engineering or Cloud Security Architect. Don’t offer the CEO of a security company an ABAP programming job because a month’s worth of work in 1999 turned up on an old resume. Make sure the position you are offering is appropriate for the person’s current skill set. You can research most people on LinkedIn, by using various facts about the person — and if you can’t find them, it is highly unlikely they want to hear from you at all. By the way, if the person is running a business, offer to hire their company to do consulting or training, rather than asking if they want a job. If you are a recruiter, perhaps the company is willing to pay a referral fee for new business.
Advertise. There are many places to advertise and post jobs. If people are looking, they will contact you. I successfully hired an incredible cloud engineering manager via a job posting. Use GlassDoor, LinkedIn, Indeed, Monster, Google Ads, and post jobs on social media like Twitter and Facebook, to name a few. When you advertise the position, if you want people to respond, details about the job and salary range will help. People are interested in what they can learn on the job, how much they will make, whether the employer offers exceptional benefits, training, new opportunities, and in some cases, freedom to work from home, or the ability to have a significant impact on some area of personal interest.
Sponsor a meetup. When I moved into a role where I had to hire cloud professionals for my team, I was already sponsoring a Seattle AWS Meetup which as of this moment has 2600+ members. I was able to hire five people from that group in a short time frame. If you sponsor a meetup, you need to participate (i.e., meet up) to see the value and develop relationships with the meetup organizers and members. Show up. Talk to people! Build relationships. Also, bring job descriptions to the meetup if you are sponsoring that people can pick up and take with them. Please don’t ask to post jobs for free — meetups are hard work and cost money. Work with existing meetups if one already exists that has a large member base and can quickly get your company in front of a lot of people. Research shows that repetition is required for effective advertising and marketing — so an on-going sponsorship may work better than a one time hit.
Build relationships. If you don’t want to pay to sponsor the meetup or event, then attend events instead and get to know people. Hopefully, you participate before you have a need. Those relationships will pay off over time. Meet people and let them know what you do. If you’re a hiring manager, talk about the cool things your team is working on but don’t expect someone to want a job. Just build the relationship. Ask the person what they do now and what they want to do in the future. Connect with people on LinkedIn. Post jobs and useful information on LinkedIn. If your connections have a need and you have built that relationship, they will contact you when the time comes to find a new role.
Listen. A recruiter spammed me via email. Trying to be helpful, I suggested the person should check LinkedIn profiles before contacting people. Hint, hint: The job was completely inappropriate, not to mention I’m not looking, and I run a Cloud Security Training and Consulting company. The person replied asking if I wanted the job and said she sent me an email with the job description.
Be good. Be a good person. Be good at what you do. Help people. One recruiter I know does all of the above very well. He helped me find numerous jobs in the past, and we became good friends in the process. He truly cares about people. He also has a programming background, so he understands technical people. I recently saw a woman post a recommendation for him on LinkedIn because he took the time to read (and I presume, understand) her resume and provide meaningful recommendations. Other people chimed in about how he had helped them in the past. This person was also one of the original sponsors of our meetup and has been very successful wherever he goes.
Consider a consultant. This suggestion may sound like a plug for my services, but it’s the reason behind why I started my business. If you are trying to hire the best whiz-bang cloud security professional you can find, it’s going to cost a lot of money. And that is going to be an on-going annual expense that hangs around year after year. Based on personal experience, it may be better to have a one-time up-front hit to bring people into your company up to speed, or have someone on call for tough questions, rather than pay someone very expensive full-time for years to come. One of the services I offer right now is answering questions via IANS Research. This service is a great way to get security advice on an as-needed basis versus attempting to hire the elusive cloud security professional.
Cloud and Security Training. Rather than trying to look outside of your organization, you may have a lot of smart people inside your organization that could come up to speed quickly, given the opportunity. Your staff is learning new technologies like cloud computing every day. It may take a little longer to get started, but your employees will be happier in most cases to have the opportunity to learn vs. having new employees hired to do the cool new thing. One of the issues I’ve seen when companies move to the cloud is lack of understanding of the security implications of using cloud services. Typically developers are given more security responsibilities, and security teams are trying to catch up — it’s critical for everyone to get cloud security training — and that’s why I wrote my Cloud Security Architecture and Engineering class.
I hope these tips will help you hire or train professionals for all those cloud, DevOps, and security job openings that are so hard to fill!
Teri Radichel — Follow me @teriradichel
© 2nd Sight Lab 2020
Seeking Cloud Security Training or Classes?
Join students like those from large multi-national organizations, startups, technology, retail, and financial companies, and government organizations that have attended classes taught by Teri Radichel. 2nd Sight Lab offers on-site cybersecurity and cloud security training. Author Teri Radichel, GSE #240, formerly taught for SANS Institute and helped with the cloud security curriculum and has helped multiple companies move to the cloud.
SANS Institute awarded her the 2017 Difference Makers award for cybersecurity innovation for her work in cloud security. She is an AWS Hero, IANS faculty member, and speaks around the world about cybersecurity and cloud security. She doesn’t just talk about cloud security — she helped two companies move to the cloud as a member of the Capital One cloud team and as a director and cloud architect responsible for moving a security company’s product to AWS. She now researches and implements technology for pentesting and security management that she includes in her 5-day cybersecurity class.
Her 25+ years of experience and master’s degrees in both software and security results in class content that can help teams both learn new material and work together more effectively. All 2nd Sight Lab instructors are certified in cloud and security.
Curriculum: 2nd Sight Lab cloud Security Training
Some of the events where Teri Radichel will be or has spoken on cybersecurity and cloud security:
Please visit the 2nd Sight Lab website cloud security training and events:
Past Cloud Security Presentations (Videos and Podcasts)
Other past events:
Azure for Auditors ~ Presented to Seattle ISACA and IIA
OWASP AppSec Day 2019 — Melbourne, Australia
Bienvenue au congrès ISACA Québec 2019 — Keynote — Quebec, Canada (October 7–9)