Auburn University Harbert College of Business Logo
Harbert Magazine
Harbert Magazine

Companies may miss out on high-quality employees by focusing on ‘unicorn’ candidates, according to this Harbert researcher, a former IT executive.

Casey Cegielski

Nearly 3.1 million cyber professionals are needed to bridge the industry’s growing talent gap. Why? In part because firms are busy searching for the perfect candidate—one who checks all the boxes—rather than finding the professional who best fits their needs.

Casey Cegielski, an expert in cybersecurity and professor in the Department of Systems and Technology, believes firms—and HR managers—should consider putting a greater emphasis on fundamentals and tempering requirements.

“There’s a misalignment between expectations and the production processes. There needs to be a little bit of a recalibration,” said Cegielski, who developed an interdisciplinary cybersecurity and information assurance program in the Harbert College of Business.

“Firms need to look for a person who can grow into the position,” he said. “You don’t want to hire the person who solves these problems right now because you’re not requiring that person at your price point—and you’re not going to find that person in all practicality who is going to take the entry-level job.”

Cegielski, who has authored more than 60 research articles in peer-reviewed journals, noted that managers in the cyber space are often wrapped up in searching for candidates who can effectively navigate multiple cyber and business disciplines, including compliance, quality assurance, patch management, and code review, for example.

“Managers often try to hire the unicorn (the perfect candidate for the perfect salary),” Cegielski said. “Too many firms are consumed with this, rather than finding someone who checks some of the boxes most important to your organization.

“Most people aren’t going to have all of the bases covered. What results is an interview process by exclusion, not inclusion. ‘This candidate doesn’t have this, throw them out.’ Or, ‘this individual doesn’t have that, throw them out.’ At the end of the day, you’re left with marginal candidates because you threw out of lot of competent people because they didn’t check enough minutiae in your laundry list of things.

“The reality of it is—concentrate on the things that matter fundamentally to your organization. If you have great needs working on penetration testing, then stay with that. Leave the other certifications and skills out of the job. If you need somebody in your organization who understands compliance for systems and organizational control reporting—then concentrate on finding that candidate. Leave the other nonsense out because you’ve just hit the one fundamental area that’s critical to your organization. Get the one big stone in your jar before you start trying to put the pebbles around it.”

Casey Cegielski
Professor
Department of Systems and Technology