How Fortune 100s Are Still Getting Cyber Hiring Wrong
At Sectech Solutions, we're dedicated to matching top cybersecurity talent with organisations looking to protect their systems in a constantly evolving digital landscape. As a UK-based recruitment firm expanding into the US, we see the hiring struggles that even the biggest companies face. While Fortune 100 giants often set the tone for the industry, many organisations across the board—from large enterprises to smaller firms—are making similar mistakes that push away skilled professionals. In this blog, we'll explore key findings from recent research, including how strict job demands, like requiring AI skills for entry-level roles but ignoring them for leaders, might be driving talent elsewhere. We'll draw on insights from Help Net Security and other industry reports to show this is a wider problem, and offer tips on better job setups and welcoming language to attract a broader range of candidates.
Where the Industry Is Going Wrong: Key Findings
Recent studies reveal that rigid hiring practices are creating barriers in cybersecurity recruitment, not just for Fortune 100 companies but across the sector. For instance, Expel's 2025 Enterprise Cybersecurity Talent Index analyzed over 5,000 job postings from Fortune 100 firms, but these issues echo broader trends seen in reports from ISC2 and CompTIA. Here's a breakdown of the main problems:
- Rigid Job Requirements and Skill Mismatches: Around 46% of cybersecurity job ads mention AI, often using terms like "automation" or "machine learning" for junior positions. Yet, not one single posting for director-level or higher roles required AI experience. This uneven approach can confuse candidates and make senior roles seem disconnected from modern tech needs. Industry-wide, similar mismatches show up: 38% of hiring managers expect advanced certifications like CISA (which needs five years of experience) for entry-level roles, and 34% want CISSP for juniors, setting unrealistic bars that prolong hiring and deter newcomers. With a global talent gap leaving only 74% of US cyber jobs filled, these habits worsen the shortage.
- Lack of Flexibility: Only 8% of Fortune 100 listings offered remote work, but remote roles attract far more applicants—43% get over 100 applications versus 11% for office-only jobs—and fill much faster. This rigidity isn't unique to big firms; CompTIA's 2025 report shows that while 53% of companies plan to hire for cyber roles, many struggle due to limited flexibility, pushing candidates to more adaptable employers.
- Overlooking Wellbeing and Inclusive Perks: Just 10% of postings mention mental health support, even as burnout plagues the field. Broader surveys highlight this gap: despite high stress from threats, many job ads ignore wellness, and 23% still list degrees as required or preferred, alienating those with practical skills or certifications. Pay mismatches add to the issue—the average cyber salary is $152,700, lower than related fields like observability at $165,400—and only 4% offer equity. ISC2 notes that economic pressures and overwhelming application volumes (over 1,000 per posting) make it hard to spot real talent.
- Turning Talent Away: These practices contribute to a perceived "talent shortage," but experts argue it's more about alienating candidates. Over half (52%) of pros worry AI could reduce entry-level opportunities, and with 470,000 US job openings demanding cyber skills, mismatched requirements push people to other sectors. As one report puts it, "Enterprises are inadvertently alienating and confusing candidates, pushing highly talented professionals toward other fields."
Alternative Job Structuring Tips
To address these industry-wide challenges, companies should rethink job descriptions for better appeal and efficiency. Here are practical suggestions based on the research:
- Balance Skills Across Levels: Avoid overloading junior roles with advanced needs like AI unless essential—focus on core skills like basic threat detection first. Include AI as a "nice-to-have" for leaders to show forward-thinking and create clear career paths. Distinguish "must-have" from "nice-to-have" to avoid scaring off beginners.
- Embrace Flexibility: Highlight remote or hybrid options upfront, as they attract more applicants and speed up hiring. If office presence is needed, explain the reasons and offer flexible hours to compete in a global market.
- Prioritize Skills Over Credentials: Shift to skills-based hiring by valuing certifications and experience over degrees. This opens doors to diverse talent, including self-taught pros, and aligns with the 90% of managers who consider IT experience sufficient for entry-level roles.
- Boost Competitive Perks: Include salary ranges, equity, and growth opportunities in ads. With training costs low, emphasize development to retain talent—81% of new hires become independent within a year.
Inclusive Language Recommendations
The way job ads are worded can make or break applicant interest. Use clear, welcoming language to show inclusivity and care:
- Support Wellbeing: Add phrases like "We prioritize your mental health with counselling access, stress tools, and ample time off to combat cyber strain." This addresses burnout and makes candidates feel supported.
- Promote Diversity: Say "We value applicants from all backgrounds, with equivalent experience or certifications welcomed over formal degrees." Avoid biased terms like "rockstar"—opt for "collaborative and passionate" instead.
- Keep It Approachable: Use simple wording: "Help us safeguard against online risks in a supportive team" rather than complex details. End with "If this resonates, share your story—we're excited to connect."
These changes can help any company, big or small, draw in more diverse and qualified candidates.
How Sectech Solutions Can Help Navigate These Challenges
As we expand from the UK to the US, our tailored recruitment—whether for a small network setup or a major cloud shift—helps clients avoid these pitfalls. We focus on people-first matching to build resilient teams.
While Fortune 100s highlight these issues, they're common across the industry—but with smart adjustments, you can turn hiring into a strength.
Let's Talk
Ready to refine your cybersecurity hiring or find your next opportunity? Contact Sectech Solutions, we’d love to assist!
