Upping the Ante on Cyber Security: George Lin Joins Allura Partner
Allura Partners recently welcomed George Lin to lead the company’s cyber security and network engineering recruitment team. A specialist cyber security and network engineering recruitment consultant, George landed here with feet firmly on the ground and is already making the difference to our clients’ security profile, placing roles across security engineering, security architecture, governance risk and compliance, identity access management, data privacy and network engineering.
We sat down with George to find out more about him, and what he thinks about where the cyber security profession is sitting when it comes to talent recruitment and retention.
Q. George, how did you get into the recruitment industry?
I have to admit, I fell into it. I studied a degree in human resources, but it was a random opportunity that got me started, doing graduate internship placements in the technology space. I've been recruiting across the technology space now for four years, most recently across specialised desks in cyber security and network engineering.
Q. What excites you about working in the cyber security space?
Cyber security recruiting is an evolving area. As data and artificial intelligence (AI) becomes increasingly prevalent in our everyday lives, I think it must continue to grow and transform in order to handle all the evolving risks.
But on top of that, I enjoy working with cyber security professionals. They’re quite passionate about the work they do; and it's always good to work with people like this who believe in the value that they bring – not just to companies but to society as a whole.
Q. It’s reported that most boards of directors are advocating increasing IT security headcount, but it’s not as easy as it sounds. Indeed, one in five hiring managers say it can take more than six months to fill positions. What’s your view on this?
I believe that’s an accurate view, for a few reasons. Firstly, we need to remember that cyber security is a broad area; when you refer to security engineers or security architects, that could mean a variety of job responsibilities, so it’s not necessarily a finite market.
But on top of that, the market is very short of candidates. With such a shortfall, there’s high competition to find and secure the perfect candidate, with specific skills and experience. It can take up to six months. However, at Allura Partners we strive to achieve a 2-4 week placement for permanent roles in cyber, and 1-2 weeks for contracting roles.
Q. It’s also reported that 54% of firms find it hard to retain staff. What’s driving this staff movement?
As I mentioned, people in cyber security tend to be passionate about the work they do; they want to work with new technologies, and gain experience on diverse projects. Post-COVID, we saw several high-profile attacks, breaches and compromises, which have led to some interesting work in cyber transformations and uplift programs. Cyber security professionals are chasing these opportunities.
Q. What industries are experiencing the most significant cyber security labour shortages?
Due to the sheer size of the government and the number of breaches they’ve suffered in recent times, there is a shortage in the industry. There’s also a consistent shortage of labour in utilities – critical infrastructure that is constantly at risk of breach. But we’re also seeing shortages in healthcare and not-for-profits (the latter suffers because it can be more difficult to offer competitive salaries). What we have seen in the last 12 months is that in order to mitigate the labour shortages, we’re seeing a lot of businesses turn to hiring for contract roles to support on high priority projects or fill immediate gaps in their team.
Q. And what are the risks to those companies that can’t get the cyber security talent they need?
There are several risks that can affect all parts of the business if it is attacked or compromised. Financially, you’re at risk of being fined by the government. On top of that, your brand image can be significantly damaged, your stakeholders get hurt, and there can be a fallout at the executive level that has potential impact on stability and morale of the teams. Additionally, damage isn't necessarily in the moment, it can be long-term due to impact on stakeholder trust.
Q. What can companies do to attract and retain the cyber security talent they have?
Companies need to keep an open mind – it is important to consider recruiting people with a passion for the industry and a willingness to constantly learn and adapt and to give them the training needed to gain practical experience. We’re also seeing candidates in the IT industry looking to make the switch to the cyber security industry, providing an opportunity to seek talent from new places. With this in mind, companies need to be open to investing in their teams, whether this be through an internship or graduate program for new entrants, or by sponsoring certifications that enable people to continuously study throughout their working career.
Q. Can you describe the typical cyber security team in Australia?
Enterprise companies are more likely to have an in-house information technology team of up to 25 people or more, some with a strong knowledge and skills across cyber. However, those most at risk are typically smaller to medium sized businesses which may not be capable of hiring or having a strong cyber team, outside of standard IT.
This leads to the next point where often we see outsourcing to an onshore or offshore service provider to support certain cyber security functions.
Due to the growing demand for cyber security talent, and the shortage of talent within the industry, we are seeing more short-term contractor roles come up, joining teams across both small and enterprise companies.
A security architect or engineer, for example, might come on to support a project for an initial 6 to 12 months before reassessing is done.
Q. For those looking to enter the cyber security field or seek a new role, what education, skills and certifications are highly desirable?
Cyber security can be seen as a field that isn’t necessarily entry level. In most of the junior roles I recruit across, a level of practical experience is required.
While it is certainly important to have your degree or certain certifications, what people really need are the fundamental and foundational skills to transition into cyber. Cyber security has existed for a long time in the form of systems and network security, which means most people start their careers in IT helpdesk, network engineering or systems administration. This coupled with the passion to learn and work in cyber security is what will make it easier to move into the field of cyber.
Q. What recommendations can you offer to experienced talent looking to navigate the job market?
For those that are already working as a cyber professional it’s about continuing to stay up-to-date with your skills and the certifications you have. As technology and cyber is constantly evolving, it is important to be aware as well of what skills/tech stacks are most popular in the market and which companies are the first to adopt those technologies. What we have seen recently is the demand for cloud qualified candidates. A lot of businesses have moved or are in the process of moving their systems onto cloud environments, so having the experience or capability to work in the cloud is very important.
Q: Despite the rapid expansion of the cyber security industry, the industry has an under representation of women. Do you think the sector is operating to it’s full potential?
From my research last year, women only represented about 17% of the cyber security workforce in Australia. But there's a drive to balance that out – not just in cyber, but in IT as well.
Personally, I think it is very important to have a balanced workforce. Diversity brings different perspectives to the workplace.
The women we see entering IT the industry consistently hit the ground running. They have a drive to grow in their careers, they move into leadership positions quickly, and they become great mentors for other women coming through. However, I do think we tend to lose women more than men, at times this can be when they start a family or try to find a better work-life balance, so I think companies need to do more to introduce policies and benefits that support women to remain in the workplace/industry.
I feel really optimistic about women in technology and within that, cyber security. We’re seeing some interesting support networks growing on LinkedIn, the Australian Women's Security Network is growing, and we're seeing employers pursue more diversity within their teams. It’s an exciting time.
If you are interested in progressing your career within the IT & Cyber security space or you want to build the team you need, you can reach George here.