March 3, 2020

Last Updated on January 12, 2024

The cyber talent search feels like a global, dangerous game of Marco Polo. 
We’re all looking for each other, but nobody can find anyone.
(But even if we do, it’ll only last 18 months or less.)
I was so excited to bring Deidre Diamond, Founder and CEO of CyberSN, on the Virtual CISO Podcast to talk about attracting and retaining cyber talent during the talent shortage.
Deidre calls herself a sociologist at heart with a fascination for criminal justice — and her career covering technical staffing, software companies, and cyber sales prepared her to launch CyberSN, a cybersecurity network and technology staffing firm.
“I recognize that I represent the 1% of women that are founding CEOs who are successful,” Deidre said.

How bad is the cyber talent shortage?

Here are some serious numbers to express the shortage of talent in the cyber space:

  • In the U.S., the shortage is 500,000
  • Internationally, it’s about 1.9 million
  • Software staffing is 10x more difficult and 10x more expensive

The industry is so new (and so under-budgeted) that people are doing 2 or 3 jobs in one.
“Cyber professionals are only on LinkedIn to a tune of 35%, so where are you going to get them?” Deidre said. “To be able to find these people and match these people is super expensive.”
There are 35 job categories in cybersecurity, and each one takes years to train. “If you’ve already got a guy working 60 hours a week, he doesn’t have the time to bring a new person on board and train them,” she pointed out.
Technical roles are in more need and harder to find than ever. Plus, people who are maxed out want to leave. The recruiting and retention problem is as simple… and as complex… as that.


How to keep talent

Deidre said for her, no job is truly hard to fill because most people don’t love where they work and are therefore recruitable.
“You’ve got to be able to get that right role in front of them, which is why you have to speak cyber,” she said.
“For us, recruiting is nothing because of unfortunate circumstances of how employers take care of employees. But for an organization, it’s extra hard,” Deidre said, especially for CISO roles and anything to do with data privacy.

The #1 way to make sure people aren’t going to leave you is career planning.

People don’t want to leave their jobs. The search is not fun.
But honestly, if companies would just take care of people’s needs (often disguised as opportunity, boredom, money, training), people are going to stay. “Here’s what’s going to solve why you’re leaving, which is almost always opportunity to grow — invest in me, train me, certifications, help me grow, help me get better,” she said.
To employers, this looks like a retention strategy that is focused on career development. And to employees, this looks like a company that invests in education and growth.
A word about managers: Especially in cyber, good practitioners often get promoted to leadership when managing isn’t what they’re good at. Not that they can’t be fantastic leaders, but they aren’t trained in it. Which is why training should never stop.
“Succession planning is a strategy. It really comes down to what somebody’s doing on an hourly basis such that you can manage their time enough where they don’t burn out or get overwhelmed,” Deidre said.

How to win talent

We’ve got a massive national security problem, meaning we’re all running around looking but we can’t find each other. 
Recruitment strategies start with communication. Deidre launched KnowMore to automate figuring out what a job requires and what a human’s skill set really is.
Not only does the platform speak cyber, but a cyber professional can have a public profile without releasing their identity. “I think to myself, gosh, we’re in this wave of information and yet we’re really not utilizing the ability to match for jobs,” Deidre said.
Cyber professionals say that job searching is horrible. And organizations say they can’t find talent. But it doesn’t have to be this way.
Deidre takes her inspiration from how dating apps have delved into data to build successful relationships. This level of analysis should be available for job searching, too.
As professionals, we know the projects we’ve been doing and what tasks and skills are needed for each job. “We should be able to categorize ourselves digitally in one place per profession and be able to match to jobs so easily that we have options,” Deidre said.

Secure diversity

Deidre made the point that switching jobs every 18 months is mentally, physically, and emotionally taxing. Nobody actually wants to live this way.
Taking a sociological viewpoint on the problem, we see that the conversation about inclusion is essential.
“Inclusion for me means making a place for everybody,” Deidre said. “Humans thrive in mental safety. They can speak their opinions and their ideas and they won’t be made to feel stupid or get in trouble. That’s culture to me.”
To come up with her New Year’s resolution, Deidre spent time analyzing data about who’s in the power seats — it was people who had certifications and degrees to the highest level. “I’m doing a ton to bring women in,” Deidre realized. “Now I need to help build them.”
Connect with Deidre about finding talent, sociology, and diversity on her LinkedIn.
This post is based on The Virtual CISO Podcast episode #2 with Deidre Diamond. To hear this episode, and many more like it, you can subscribe here.
If you don’t use Apple Podcasts, you can find all our episodes here.
