Smarter Cyber Recruiting Starts with a Skills-First Approach

The default approaches to recruitment, such as CVs and interviews, are rife with unconscious bias, subjectivity, and inaccuracy.  

There are upwards of 175 biases that can influence our behavior, but some of the key ones that impact recruitment include:

• Similarity bias – the tendency to think more favorably of candidates who are “similar to me.” People gravitate toward the familiar, so will rate people who are similar to ourselves. 
• Confirmation bias – analyzing information about a candidate in a way that confirms our existing beliefs and assumptions.
• Halo effect – the tendency to focus on the redeeming aspects of a candidate can influence our opinions of them in other areas.

We need to reduce bias by challenging these well worn out recruitment practices. 

CVs only give a surface-level view of what people can truly offer; you can’t gauge a candidate’s ability to adapt to new security threats or whether they are competent in specific security skills. With interviews, candidates can fake their answers to impress interviewers. 

We need more objective methods to assess a candidate’s proficiency accurately, and measure candidates’ actual skills and performance. 

In order to successfully measure a candidate’s actual skills, organizations must use real-life cyber simulations where a candidate can conclusively demonstrate their ability to respond to real-world threats and situations.

The critical value of assessing performance is that it adds objectivity to your recruitment process and reduces recruitment bias. 

Organizations don’t have to rely on assessing CVs and how people perform in interviews when you can measure the actual skills needed to be successful in specific cybersecurity roles, enabling you to uncover their hidden talents.

Performance-based assessments are well-supported in academic research too. 

Academic research shows that performance-based assessments are strong predictors of actual performance on the job and less open to faking by candidates¹. Candidates also view these assessments more favorably over other selection methods². 

Ultimately, their value comes down to “show me” and not “tell me³.” We don’t ask candidates to tell us how good they are, but to show us through practical demonstrations. This prevents people from inflating their skills and yields more accurate results. 

When there’s a gap in cyber talent, it’s important to hire quickly when you find the right people. Armed with a database of candidate performance (and a benchmark of current employees), you can much more easily compare skill sets so you can identify a “must-hire” right after the screening. 

By partnering with programs like Cyber Million, powered by Immersive Labs, organizations can reduce barriers to entry for job seekers by creating opportunities and uncovering hidden talent. Through an emphasis on real-world skills and aptitude over traditional evaluation methods – such as academic degrees, certification and job experience – these programs modernize the way organizations recruit for cyber roles globally. By screening candidates, organizations can reduce the pool of candidates and focus solely on those with the skills needed to succeed in cyber security roles. 

To learn more about joining Cyber Million as an Employment Partner or Supporting Organization, please visit our program home page.

¹ Boyce, A. S., Corbet, C. E., & Adler, S. (2013). Simulations in the selection context: Considerations, challenges, and opportunities. Simulations for personnel selection, 17-41.

² Hausknecht, J. P., Day, D. V., & Thomas, S. C. (2004). Applicant reactions to selection procedures: An updated model and meta‐analysis. Personnel psychology, 57(3), 639-683.

³ O’Leary, R. S., Forsman, J. W., & Isaacson, J. A. (2017). The role of simulation exercises in selection. The Wiley Blackwell handbook of the psychology of recruitment, selection and employee retention, 247-270