Tips for recruiting cloud and security professionals

Teri Radichel
Jan 14, 2019 · 7 min read

Most experienced technical professionals will likely tell you they are contacted by recruiters more than once a month if not once per day if they have a LinkedIn profile or ever entered their resume somewhere online. Recruiters and hiring managers have contacted me on LinkedIn, via email, and phone. Many statistics show how difficult it is to find and hire cloud and security professionals in this competitive landscape. So what can companies and recruiters do to find and recruit top talent? I have a few tips.

Let me start by saying, I love recruiters. One Friday afternoon, when I was not being treated especially well at work, I went through my contact list and sent an email to a whole bunch of recruiters I knew. I had a job by the next Monday. The market is competitive right now, but I experienced the dot-com bubble and subsequent dot-bomb back in the year 2000. Hard to come by technical professionals turned into 500 people applying for the same sys-admin job at Microsoft. Stay on good terms with your recruiters and hiring managers so you’ll be at the top of that pile.

On the other hand, many technical people complain about or get annoyed by recruiters, hiring managers, and head-hunters for a reason. Here are some tips to stay on your techie’s good side.

Stop spamming. Technical people are likely to get even more annoyed by spam than the average human, in my experience. Guessing someone’s email is unprofessional and likely to get you reported as spammer faster than it will get you a job candidate. A lot of technical people have stopped answering their phone due to the amount of recruiter and vendor phone spam. It is overwhelming. Please stop.

Do your homework. If you must contact someone via a cold call, or if the candidate contacts you about a potential job, do your homework. Don’t propose a DevOps role to a Vice President of Engineering or Cloud Security Architect. Don’t offer the CEO of a security company an ABAP programming job because a month’s worth of work in 1999 turned up on an old resume. Make sure the position you are offering is appropriate for the person’s current skill set. You can research most people on LinkedIn, by using various facts about the person — and if you can’t find them, it is highly unlikely they want to hear from you at all. By the way, if the person is running a business, offer to hire their company to do consulting or training, rather than asking if they want a job. If you are a recruiter, perhaps the company is willing to pay a referral fee for new business.

Advertise. There are many places to advertise and post jobs. If people are looking, they will contact you. I successfully hired an incredible cloud engineering manager via a job posting. Use GlassDoor, LinkedIn, Indeed, Monster, Google Ads, and post jobs on social media like Twitter and Facebook, to name a few. When you advertise the position, if you want people to respond, details about the job and salary range will help. People are interested in what they can learn on the job, how much they will make, whether the employer offers exceptional benefits, training, new opportunities, and in some cases, freedom to work from home, or the ability to have a significant impact on some area of personal interest.

Sponsor a meetup. When I moved into a role where I had to hire cloud professionals for my team, I was already sponsoring a Seattle AWS Meetup which as of this moment has 2600+ members. I was able to hire five people from that group in a short time frame. If you sponsor a meetup, you need to participate (i.e., meet up) to see the value and develop relationships with the meetup organizers and members. Show up. Talk to people! Build relationships. Also, bring job descriptions to the meetup if you are sponsoring that people can pick up and take with them. Please don’t ask to post jobs for free — meetups are hard work and cost money. Work with existing meetups if one already exists that has a large member base and can quickly get your company in front of a lot of people. Research shows that repetition is required for effective advertising and marketing — so an on-going sponsorship may work better than a one time hit.

Build relationships. If you don’t want to pay to sponsor the meetup or event, then attend events instead and get to know people. Hopefully, you participate before you have a need. Those relationships will pay off over time. Meet people and let them know what you do. If you’re a hiring manager, talk about the cool things your team is working on but don’t expect someone to want a job. Just build the relationship. Ask the person what they do now and what they want to do in the future. Connect with people on LinkedIn. Post jobs and useful information on LinkedIn. If your connections have a need and you have built that relationship, they will contact you when the time comes to find a new role.

Listen. A recruiter spammed me via email. Trying to be helpful, I suggested the person should check LinkedIn profiles before contacting people. Hint, hint: The job was completely inappropriate, not to mention I’m not looking, and I run a Cloud Security Training and Consulting company. The person replied asking if I wanted the job and said she sent me an email with the job description.


Be good. Be a good person. Be good at what you do. Help people. One recruiter I know does all of the above very well. He helped me find numerous jobs in the past, and we became good friends in the process. He truly cares about people. He also has a programming background, so he understands technical people. I recently saw a woman post a recommendation for him on LinkedIn because he took the time to read (and I presume, understand) her resume and provide meaningful recommendations. Other people chimed in about how he had helped them in the past. This person was also one of the original sponsors of our meetup and has been very successful wherever he goes.

Consider a consultant. This suggestion may sound like a plug for my services, but it’s the reason behind why I started my business. If you are trying to hire the best whiz-bang cloud security professional you can find, it’s going to cost a lot of money. And that is going to be an on-going annual expense that hangs around year after year. Based on personal experience, it may be better to have a one-time up-front hit to bring people into your company up to speed, or have someone on call for tough questions, rather than pay someone very expensive full-time for years to come. One of the services I offer right now is answering questions via IANS Research. This service is a great way to get security advice on an as-needed basis versus attempting to hire the elusive cloud security professional.

Cloud and Security Training. Rather than trying to look outside of your organization, you may have a lot of smart people inside your organization that could come up to speed quickly, given the opportunity. Your staff is learning new technologies like cloud computing every day. It may take a little longer to get started, but your employees will be happier in most cases to have the opportunity to learn vs. having new employees hired to do the cool new thing. One of the issues I’ve seen when companies move to the cloud is lack of understanding of the security implications of using cloud services. Typically developers are given more security responsibilities, and security teams are trying to catch up — it’s critical for everyone to get cloud security training — and that’s why I wrote my Cloud Security Architecture and Engineering class.

I hope these tips will help you hire or train professionals for all those cloud, DevOps, and security job openings that are so hard to fill!

Teri Radichel — Follow me @teriradichel

© 2nd Sight Lab 2020


Want to learn more about Cloud Security?

Check out: Cybersecurity for Executives in the Age of Cloud.

Cloud Penetration Testing and Security Assessments

Are your cloud accounts and applications secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Cloud Security Training

Virtual training available for a minimum of 10 students at a single organization. Curriculum: 2nd Sight Lab cloud Security Training

Have a Cybersecurity or Cloud Security Question?

Ask Teri Radichel by scheduling a call with IANS Research.


2020 Cybersecurity and Cloud Security Podcasts

Cybersecurity for Executives in the Age of Cloud with Teri Radichel

Teri Radichel on Bring Your Own Security Podcast

Understanding What Cloud Security Means with Teri Radichel on The Secure Developer Podcast

2020 Cybersecurity and Cloud Security Conference Presentations

RSA 2020 ~ Serverless Attack Vectors

AWS Women in Tech Day 2020

Serverless Days Hamburg

Prior Podcasts and Presentations

RSA 2018 ~ Red Team vs. Blue Team on AWS with Kolby Allen

AWS re:Invent 2018 ~ RedTeam vs. Blue Team on AWS with Kolby Allen

Microsoft Build 2019 ~ DIY Security Assessment with SheHacksPurple

AWS re:Invent and AWS re:Inforce 2019 ~ Are you ready for a Cloud Pentest?

Masters of Data ~ Sumo Logic Podcast

Azure for Auditors ~ Presented to Seattle ISACA and IIA

OWASP AppSec Day 2019 — Melbourne, Australia

Bienvenue au congrès ISACA Québec 2019 KeynoteQuebec, Canada (October 7–9)

Cloud Security and Cybersecurity Presentations

White Papers and Research Reports

Securing Serverless: What’s Different? What’s Not?

Create a Simple Fuzzer for Rest APIs

Improve Detection and Prevention of DOM XSS

Balancing Security and Innovation with Event-Driven Automation

Critical Controls that Could have Prevented the Target Breach

Packet Capture on AWS