Got problems attracting infosec talent? It’s time for your organization to learn geek!

Embracing the infosec community and people in it is important if you want to attract the talent you need. Learning to understand geeks and geek subculture is an important skill here. Read on and understand why both your HR and marketing departments need to learn geek.

So you’re one of those companies that has problems attracting talent? Or keeping it? Maybe even both?

Here’s some comfort in a sense: You’re not alone. That’s the new normal everywhere in IT. Luckily, there are ways to improve your situation. The infosec community holds the key: Embrace its culture and language, show people in it that you understand and respect them, and demonstrate that everybody in your organization takes security seriously. The community will love you back by spreading the word about how great it is to work at your company and how much fun people have there. Succeed, and all your challenges with attracting and retaining talent will be a thing of the past.

Marketing and Employer Branding Are Often Overlooked

In reality, this is marketing, and for some reason it’s vastly overlooked in talent acquisition and employer branding. Is it because talent professionals know little about tech culture? Probably, but that can be fixed.

Let’s start from the beginning: What is this community, why is it important, and how does one communicate with it and make it do all those amazing things I mentioned earlier?

The Infosec Community

In short (and hugely oversimplified), the infosec community consists of all those passionate, geeky personalities who love infosec so much that they just have to make it part of their careers. Many of them can’t leave it at that and meet up with like-minded people in their spare time to discuss infosec, watch talks, and get to know more people like them.

Because of these passionate people, the infosec community includes many of the security wizards every company wants to hire. And they’re in short supply.

Providing Value and Getting Respect

The way to get their attention is actually quite simple: Provide them with content that gives immediate value. If you succeed, the community will help you out, recognizing you as a friend.

Providing value to the community is done by creating meaningful, inspiring, or just fun content of high quality. An important thing is to not take yourself too seriously. If you have an edge, it’s appreciated and rewarded.

Real-Life Examples of Building Credibility

  • Reddit Outreach: When working on a FOSS project aiming to replace Fail2Ban, I monitored Reddit for mentions and subtly suggested our alternative where it added value. This helped gain direct interest and awareness.
  • Stickers and Humor: Designing stickers that reference geeky jokes or sci-fi like Star Wars can surprise people. At BSides Prishtina, I was introduced as “the guy with the coolest stickers.”
  • Talks and Meetups: I’ve given talks on living with ADHD in infosec to dispel myths, share personal stories, and build connections. It’s been a way to showcase my expertise while building my authority in the community.

Examples of stickers with geek appeal. The stickers mentioned in the story are not among these.


Getting HR, Marketing, Communications, and the Security Pros to Work in Sync

For this strategy to work best, HR, marketing, communications, and your security team need to be in harmony. Here’s how to make this collaboration happen:

  • Cross-Department Workshops: Get everyone together to share their perspectives. Your security team can explain the challenges they face, while marketing and HR can help craft messaging.
  • Joint Strategy Development: Build a strategy with common goals that align everyone’s strengths. Let your security team highlight key points while HR and marketing turn these into compelling job descriptions and campaigns.
  • Content Creation: Security experts provide technical depth, while marketing ensures it’s clear and engaging. Share behind-the-scenes stories and thought leadership pieces that spark curiosity.
  • Feedback Loop: Set up a feedback loop to improve your strategy. Share findings across departments so that adjustments can be made based on community feedback.
  • Internal Advocates: Find internal advocates to bridge the gap between technical and non-technical teams. They’ll ensure your message remains authentic and appealing.

More Ways to Engage

I’ve been involved with my local infosec community for a long time, arranging events and talks for peers to show up, grab some pizza, and get inspired for new projects. This has helped me build a network of peers, many in decision-making positions, whom I can reach out to and leverage to my advantage. I can only do that because my involvement in the community has helped me build trust and authority over time.

Other ways to engage include arranging CTF (Capture the Flag) competitions for your employees and the local infosec community, contacting universities to sponsor student events, or interviewing an employee who maintains an open-source security tool that your organization uses.

Content Marketing for the Infosec Community

All these examples are forms of content marketing. Conceptually, it’s nothing new, but using it specifically for the infosec community is still relatively uncommon. When used well, it’s an effective way to speak directly to the community, provide them with valuable content, and show that you understand their needs. This helps you build brand recognition and earn their trust.

Conclusion

Dare to step out of your corporate image and show the infosec community who you really are. Embrace their culture, show respect, and connect authentically. Your company will be seen as an attractive place to work. And if you need help combining these skills, feel free to reach out to me.