Finding and Retaining IT Security Experts: Five Tips for Companies

In an increasingly digitalized world, IT security is becoming a growing challenge for companies of all sizes. According to our latest eco IT Security Survey, 96 percent of security experts in Germany see a growing threat situation. As a result, companies are prioritizing IT security measures, including contingency planning. However, the German economy is still inadequately positioned when it comes to IT security.

The importance of skilled IT security experts

Overall, within a company, protecting sensitive data and defending against cyberattacks requires highly qualified experts. While the demand for qualified IT security talent has created a robust job market, this has also made recruiting and retaining these specialists increasingly challenging for many companies. This is because the shortage of skilled labors now affects not only the technical level, but also other areas of the company such as accounting, human resources, and marketing.

Companies must therefore adapt their personnel HR strategy to this development. To respond to this changing landscape, here are our 5 tips on how HR managers can align to the changed situation:

Tip 1: Adapt the recruiting process

To attract new employees, recruitment processes should be critically reviewed. A simple and fast application process with plenty of feedback benefits both sides. Open and honest conversations help both parties to get to know each other better. A trial day can be arranged in advance with promising candidates to introduce them to their future work environment, colleagues, and corporate culture.

Hackathons and other IT competitions provide an excellent opportunity to identify talented IT security experts and inspire them to join the company. These events allow companies to see potential employees in action and introduce them to the company culture. 

Close cooperation with universities and technical colleges can also facilitate access to young talent. Through guest lectures, internships, and joint research projects, companies can establish early contacts and attract talented students.

Tip 2: Create attractive working conditions

Flexible working hours and the option to work from home are attractive benefits for many IT security experts. This allows the recruiting radius to extend beyond the company’s immediate region. Companies should offer flexible working models to attract talent and increase their satisfaction. Competitive remuneration is essential for attracting and retaining skilled specialists.

In addition, appealing benefits such as bonuses, healthcare, retirement plans, and other benefits can make a difference. You can explore new avenues beyond traditional job postings. Satisfied employees are good ambassadors for the company and can be rewarded with special incentives for recruiting new employees. Especially in specialized topics, (internal) active sourcing should also be considered.

Tip 3: Increase employee retention

Offer regular opportunities for professional and social exchange, while taking into account individual time preferences of employees. Develop and nurture a corporate culture together with your employees. Position yourself as family-friendly and women-friendly – given that women are still significantly underrepresented in IT security. Consider the individual needs of employees. A rigid framework in terms of working hours and salary is no longer always effective. Rather, individual bonus programs can be developed with the employees that take into account the respective phases of life. If this is done transparently, it can also prevent envy debates.

Offer opportunities for further training and different career paths. It doesn’t always have to be a climb to the top, with models for technical experts also increasing the length of time employees stay with the company.

When returning to the office, examine how much flexibility is possible for employees. It is important to question why employees should return to the office in the first place, what goals are to be achieved (better team interaction, more control), and how these can be achieved.

Tip 4: Promote training to attract young talent

When recruiting new specialists, the promotion of young talent must not be overlooked, even though this is more of a medium-term solution. However, a concerted effort must be made in the rapidly growing Internet industry. Many professions in the IT sector, for example, are still too little known. The foundations for this are already being laid in the school environment. Cooperation with schools, visits to school fairs, the involvement of teachers, and participation in Girls & Boys Day are just a few possibilities.

In the university environment, there have been enormous increases in the number of degree programs with an IT security focus over the past 20 years, but growth has now stagnated. The number of graduates is also declining at some universities. Early collaboration with students through internships, final theses, working students, etc. secures contact with potential new employees.

When training new specialists, the requirements of the Internet industry and the diverse job profiles should be taken into account. Highly qualified specialists are not always needed, but generalists with a broad range of knowledge, such as in data protection and information security, are also valuable. When addressing students in particular, social media platforms like Instagram and TikTok should also be considered in order to create brand awareness.

Tip 5: Use AI to make work more efficient

Artificial intelligence and automation are tools in the fight against the shortage of skilled workers. Output can be increased without increased staffing. The unconscious fear that AI will lead to job losses should be seen as a solution rather than a problem in light of the shortage of skilled workers. Skilled workers can thus be deployed in positions where the human component is necessary or where they can achieve better results together with AI.

In summary, through a combination of attractive employer branding, continuous further education, flexible working models, and an appreciative corporate culture, companies can ensure that they attract and retain the best talents for their IT security needs.

To learn more, download the full eco IT Security Survey 2024

Cornelia Schildt completed a Diploma in Informatics at the TU Chemnitz and worked for the German Federal Office for Information Security (BSI) as a specialist for Internet security for 5 years, before she joined eco – Association of the Internet Industry in 2011 as a Project Leader in the area of IT security. Since then, she has organized the annual Internet Security Days with international guests, and is Senior IT Security Project Manager for a range of security initiatives to train SMEs in the secure use of the Internet and related services. She represents eco as a speaker on IT security topics and in a range of committees.