Across the market, we’ve seen opportunities fall apart - not because candidates are “difficult”, but because the narrative was weak, the process lacked some clarity, and ultimately, priorities between the candidate and the firm didn’t align.
If (industry) close rates sit below ~70%, the question isn’t what’s wrong with the market - it’s how do we fix this?
...
The 2024 ISC² Cybersecurity Workforce Study reports a global shortfall of 4.76 million professionals.
But the bigger concern isn’t just numbers - 64% of leaders say skills gaps are the real drag on their security posture. That tells us the problem isn’t finding people - it’s finding the right people.
And when the best engineers know they’re in demand, they don’t choose roles based on brand recognition. They want to know what problem they’ll be solving and why it matters.
In interviews, candidates often ask this directly:
“What’s the hardest challenge I’ll face in the first six months?”
Weak or generic answers undermine confidence. Clear, specific ones build it. For highly regulated firms, there will always be guardrails. But framing the role around the real risks still matters more than leaning on brand prestige...
...
80% of candidates who accept a counteroffer leave within 6-12 months. The money might hold them for a while - but it rarely fixes the underlying misalignment.
We see stronger outcomes when firms focus less on financial competition and more on clarity: what the first 90-180 days look like, what resources are in place, and what success means.
In financial services, counteroffers are almost inevitable. But surfacing purpose, scope, and roadmap early in the process is the best pre-emptive measure!
...
Stress is now one of the biggest factors shaping candidate decisions. Nine in ten CISOs report moderate to high stress, and two-thirds of SOC analysts say they’ve considered leaving because of it. A further 44% of professionals report severe work-related stress or burnout.
If the pitch is vague - “manage operations”, “improve posture” - candidates assume the worst. If it’s specific - “strengthen Kubernetes clusters while scaling zero trust across three regions” - they can see the mission, not just the job title.
Slower-moving organisations may be cautious about sharing too much detail. But even then, ambition with context carries more weight than generic descriptions.
...
One in four security leaders are actively looking to leave their roles. Half of cybersecurity professionals expect burnout inside the next 12 months.
This environment makes hiring processes highly visible. Candidates share experiences widely, whether on Slack, Discord, or within peer networks. Delays, unclear feedback, or perceived indifference all spread quickly.
For many engineers, responsiveness is the litmus test: if communication lapses during hiring, they assume it will be worse once employed. In a tight talent market, every step of the process becomes part of the employer’s value statement.
...
Top security engineers generally don’t reject offers because they’re entitled. They reject them when the offer feels generic, transactional, or unclear.
The firms that win talent are the ones that: lead with the problem that needs solving, communicate frankly and specifically, show respect through a transparent process!
If offer acceptance rates are low, the solution isn’t always a bigger salary band. It’s a sharper narrative!
...