Why Attracting the Right Cyber Talent is Challenging: How Influencing Skills Help

The Cybersecurity Talent Gap: A Global Challenge

The demand for cybersecurity professionals continues to far outpace supply. According to the 2025 ISC2 Cybersecurity Workforce Study, the global cybersecurity workforce gap reached 4.8 million unfilled positions and would need to grow by 87 % to meet demand. This is not just a regional issue, it affects security teams worldwide, from enterprise to small and medium businesses.

In addition, recent research shows that around 64 % of organisations identify a lack of qualified candidates as the primary challenge in filling cyber roles. Many companies simply don’t have enough people with the right blend of technical skills, experience, and soft skills to meet their needs.

Why Cybersecurity Recruitment Often Fails

Successful cybersecurity recruitment isn’t just about posting a job, it is about influencing both stakeholders and candidates so they see the value and fit of the role. Below are the most common reasons recruitment efforts fall short:

(1) High Demand, Low Supply of Qualified Candidates

• Organisations report difficulties not because talent is not applying, but because qualified applicants are rare. In Australia and New Zealand, over 50 % of business leaders feel cybersecurity applicants lack appropriate qualifications for open roles.
• This gap is compounded by expectations of experience and certifications that many job seekers simply do not have. Many companies prefer “ready‑made” experts rather than investing in growing talent, which further shrinks the pool of eligible candidates.

(2) Competitive Market and Slow Hiring Processes

• Even when candidates exist, hiring them quickly is a challenge. Nearly half of organisations report it takes three to six months to fill a cybersecurity role, particularly for senior positions. Prolonged hiring windows mean candidates may accept offers elsewhere, compounding the talent shortage.
• The cyber job market has also become more competitive among employers. Companies not offering modern workplace flexibility, competitive compensation, or professional growth risk losing out on top talent.

(3) Misaligned Job Ads and Hiring Expectations

• Outdated job descriptions or unrealistic requirements also undermine recruitment efforts.
• Cyber roles often bundle too many skills or fail to clearly communicate the role’s purpose, making them less appealing to high‑quality candidates.
• Additionally, HR departments sometimes lack deep understanding of cybersecurity careers, leading to gaps between what hiring managers expect and what they advertise. This mismatch contributes to poor candidate fit and wasted applications.

(4) Skills Gaps and Pipeline Issues

• The cybersecurity field also suffers from structural pipeline problems.
• There is not a large enough flow of new professionals entering the workforce with practical experience, especially in defensive security roles.
• Combined with demands for specialised expertise and certification, this limits the pool of candidates who truly meet job requirements.

Why Influencing Skills Matter in Cybersecurity Hiring

Attracting the right candidates is not just about reaching them,  it is about influencing stakeholders, hiring managers, and the candidates themselves. Cyber security leaders must ask the right questions early, not to assert authority, but to uncover needs, priorities, and barriers.

Good questions help refine job ads, align expectations, and clarify what success looks like. They also help hiring managers understand candidate motivations, making the opportunity more compelling.

As recruitment expert Greg Savage says: “Talk less. Ask better questions.”

Practical Questions That Improve Recruitment Outcomes

Here are four questions cyber managers and talent partners can use to improve recruiting influence and decision‑making:

1. Who is our most valuable team member, and what makes them valuable?
   ­   This helps clarify skills, behaviours, and outcomes you truly need.

2. How will we find and attract quality candidates who match this profile?
   ­   This shifts focus from broadcasting a job to targeting the right audience.

3. What factors might prevent the right candidates from applying, and how can we address them?
   ­  This surfaces obstacles like compensation, role clarity, culture concerns or recruiting channels.

4. Which hiring practices could we change to appeal to emerging talent and retain them longer?
       A strategic question that helps influence internal stakeholders toward better recruitment policies.

Conclusion: Shifting to Influencing

Cybersecurity recruitment challenges will not disappear overnight. The global talent gap, competitive market, and skills mismatches make it hard for organisations to attract the right applicants. But by improving influencing skills, asking sharper questions, and aligning job design with candidate expectations, teams can make measurable progress.

A thoughtful recruitment strategy, grounded in real needs and clear communication, not only attracts better candidates but also strengthens the entire security organisation.