May 3, 2022

Inclusivity and diversity aren’t just about who you hire — it’s about the culture you create.

Sure, you can get talent from all walks of life, but if you haven’t built an inclusive culture…

Well, good luck getting them to stick around.

Today, I’m speaking with Deidre Diamond, Founder and CEO at CyberSN, who shares her 8-step framework for creating an inclusive culture in your organization.

Join us as we discuss each step and its importance, including:

  • The need for emotionally intelligent managers
  • The power of positivity
  • The art of win-win communication

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here.

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.


Speaker 1 (00:19):

You are listening to The Virtual CISO Podcast, a frank discussion providing the best information security advice, and insights for security, IT and business leaders. If you’re looking for no BS answers to your biggest security questions, or simply want to inform and proactive, welcome to the show.

John Verry (00:36):

Hey there. And welcome to yet another episode of The Virtual CISO Podcast, with you as always John Verry your host, and with me today, Deidre Diamond from CyberSN. Hey, Deidre?

Deidre Diamond (00:52):

Great to be with you.

John Verry (00:54):

I got your name right that time.

Deidre Diamond (00:55):

You did, you did. Work in progress.

John Verry (00:58):

There you go. I’m a continuous improvement kind of guy. All right. So let’s start simple. Tell us a little bit about who you are and what is it that you do every day?

Deidre Diamond (01:08):

Yeah, absolutely. So I’m the founder and CEO of CyberSN. We are where talent meets it’s match in that we have a job platform that matches cybersecurity professionals to jobs and their profiles. So of course we have staffing services that really we’re changing the game of how people job-search. It’s a broken sySTEM that’s hurting us all greatly. I’m also the founder of, which is not-for-profit that supports bringing women into cybersecurity and growing them and advancing them. And we put on an event called Day of Security that is really spectacular, just had 1100 women together, red team, blue team, EQ tracks, super fun.

John Verry (01:55):

If I can speak personally, Deidre is awesome to spend time with, awesome to work with. She’s helped people that we know, her firm is great at recruiting. I have a personal thank you. She had my daughter who is a woman in technology … STEM person who attended her event [inaudible 00:02:15]. And she absolutely loved it. And by the way, she did end up taking a position with KPMG. 

Deidre Diamond (02:22):


John Verry (02:24):

Yay for us. We’re getting more of a footprint and information security for women, which is what we should have. Cool. So you’ve been on the show before and I always ask what’s your drink of choice?

Deidre Diamond (02:38):

It’s right here by the way. And it’s the only drink, it’s a ice latte. You can hear the ice, which is basically espresso and oat milk. And I have two big ones a day.

John Verry (02:49):

It’s funny, my daughter does exactly that. She used to get … they have four shots of something. I forget what the espresso she calls it. It’s got an S word with oat milk.

Deidre Diamond (03:01):

I love it. It’s my go-to all day, every day. Last throughout the day even.

John Verry (03:07):

Well, I would say, I probably know that because every time I’m ever on the phone with you, you are bouncing off walls. So now at least I understand why. All right. So you were kind enough to come on the podcast. You’re one of our few multi-time visitors. Last time we chatted a little bit about your recruiting business. You were kind enough to jump on today to talk about what you’re doing on the diversity side. I’m a big believer in the women in STEM and ensuring that we’ve got diverse workplaces. I think Pivot Point Practice is an extremely diverse workplace. We think that’s the way it should be. 

The more voices, the more flavors, the better off you are as an organization. And just generally, I think when we talk about information security, we tend to talk about people … excuse me, technology and processes and standards. Do we talk enough about people?

Deidre Diamond (03:58):

No, we always say people process technology, and yet I think the reason why we don’t is it’s a topic that most of us aren’t trained on, nevermind have the skills for, it’s by design actually, right? Like soft skills, communication skills, everybody was told nobody needs that in tech or nobody needs that in cyber or the only people that need that are executives and now fast forward in 2022 and it couldn’t be further from the truth. So we’re suffering because we haven’t been training on those skills. So I think that we know they’re important. We also know that there’s a shortage, and so it’s really easy for I think, people to not conquer this retention issue because there’s such a shortage that people chalk it up to well, I can’t compete.

What I’m here to tell you is that we can, and that people leave of people, and so while a lot of my content is focused on diversity and inclusive environments, you can’t have diversity without all genders, all races working together to have an inclusive environment. So really, this content that I’ve been out speaking about, started at ISD Squared Congress late last year, where I rolled out inclusive cultures come first in order to have diversity, what’s an inclusive culture look like? Is really stems from all my work. My work within staffing in that people are struggling to retain talent, as well as my work in bringing women into cybersecurity and then supporting them in growing and seeing the challenges they have in working in environments that aren’t inclusive.

So after years and years of lovely people like you do asking me, “Well, what does an inclusive environment look like?” And so that’s what I really want to talk to you about today. 

John Verry (06:07):

Good. So you’ve developed an eight step framework, right? You presented at IC Congress and a couple other places that I’ve seen you talk about it. With your blessing, why don’t we walk through the framework and what we can do is you can, for each of the different areas, you can fill us in on what you mean by X, right? So the the first step in the framework is what you referred to as emotionally intelligent managers. That sounds dangerous.

Deidre Diamond (06:31):

I know. I know. I know. Well, hopefully everybody gains these skills and becomes dangerous because that’s what we need, meaning dangerously skilled to do well. So let’s look at it. So EQ is emotional intelligence. It’s the capacity to be aware of control and express one’s emotions to handle interpersonal relationships, judiciously and empathetically. That’s the key, right? That we’re able to have relationships that we are able to be empathetic and interpersonal, right? Whereas IQ is literally the person’s level of intelligence measured by tests, right? That’s totally different. But the two together, make our personalities. And in today’s world of business, we work in teams more than we ever have.

And it’s the fact that we’re working in teams at such a high level that we need to really focus on this because, communication changing an an to an or can change a statement, nevermind all the other things that go into statements and things that people are saying. So the first thing we have to do is we have to say, if somebody’s going to be in charge of somebody else’s career, which is what a manager is, then they need to be trained on emotional intelligence skills. We can talk about those skills. What do they look like?

John Verry (08:05):

Yeah. Let me ask you a question there, because I couldn’t agree with you more, and I love the old adage that people don’t leave companies, they leave managers. I think for the most part that’s 100% true. When I think about the problems that we’ve had a Pivot Point over the years, it typically tends to be someone who doesn’t have either IQ or EIQ or emotional intelligence. But it would seem to me like you can’t teach IQ. Can you really teach emotional intelligence or is emotional intelligence something that we have to have a way to screen for and recognize that certain people are … Because we have this tendency to … We live in a technology world, right? 

And the most technically successful people, the people we anoint to being a manager, without really determining whether or not they have like you said, the emotional intelligence to be a manager. So I guess that’s a multi-part question. Is emotional intelligence something we innately have, or don’t have? Can we test for it and or can we really train people to become more emotionally intelligent or is where we are, where we are?

Deidre Diamond (09:02):

Yeah. So couple of things, one is our ability from an IQ perspective, caps out when the brain is fully developed. That depends on the person, but it’s somewhere in the mid to high 20 of age. And that is what it is. There is no changing that. Whereas EQ is the opposite. It really can continue, it has nothing to do with that part of the brain that becomes fully developed. The thing that we have to say to ourselves is in your analogy of highly technical people getting promoted into management seats is, do they want to care for others? Because if they truly want to care for others, they can learn the skills. 

The skills are win-win communication. The skills are managing a calendar and time management. The skills are making and managing measurable agreements. The skills are listening skills. The skills are the ability to trust and verify. So I can keep going, I have this what I call the EQ tree for this exact reason. I put all these skills on a tree because we really can just based on the physical part of our brains, we can develop it. But there has to be a desire. I wonder if all of those people being put in those management seats, if they were told, “look, you are responsible for these people’s careers being successful or not successful.”

I wonder if they’d still want the job. Because it truly, if we are saying that people leave people, we must also then say, you are responsible for that person’s job. That’s really a serious role to be responsible for somebody else’s career path. So yes, we can train, we can develop this if there’s a desire, like anything else, there has to be a desire. I wonder because a lot of times those promotions come with money, and they come-

John Verry (11:09):

And status.

Deidre Diamond (11:10):

Status. Exactly.

John Verry (11:12):

So it’s [crosstalk 00:11:14] yeah, it’s a catch 22, isn’t it? Because it’s the way that people make one running and have more status within an organization. So the answer is that they want those two components of it and the other part comes along okay, I’ll probably be okay at it. The second thing that I think we do listening to you chat about that, and I think it’s making me think that there’s an HR issue here as well, is that, I don’t know that we necessarily … When we develop job descriptions from a human’s resource perspective, is there enough emphasis on the lead managed, developed talent component? 

If you think about it, like in a company like ours, we’re a company that consulting services, we talk about the importance of delivering the deliverables that we give to our clients. We talk about billability rates. We talk about a lot of things that a lot of companies would talk about, but emphasizing that point is probably something we all need to do better and would probably create a more inclusive, better culture, so that people understand, look, you’re going to be rewarded on your ability to grow your team, as much or more so than you are on your ability to do the actual work. To be a practitioner.

Deidre Diamond (12:18):

That’s right. Right now, so I take that so seriously that if a job in our platform using our taxonomy and the job has a management title or a leadership title, then you have to allocate time for actually managing those people. The time that’s needed to spend with them, the time that’s needed for career mapping, the time that’s needed for reviews, we’re asking the employer to say, how much time are you giving this position for the management of people? Because that’s the conversation that anybody that has a management title needs to be in. Will they be successful? Do you view my management seat as one where I’m spending time with people as much as I need to be?

So I don’t see that in other job descriptions, it just says responsible for them, but not breaking down how much time do you get doing that? Plus architecture, let’s say, because a lot of these folks are going to be architects or very senior SMEs in tech background [crosstalk 00:13:27] compliance, so we need to do that.

John Verry (13:29):

All right. So I couldn’t agree with you more there. so the second part of your framework is what you referred as a positive attitude culture. Is that as simple as it sounds, at least in terms of what you’re trying to say? Maybe not living it, but trying to promote one.

Deidre Diamond (13:50):

Well, that’s the case. It’s as simple as that in that when I was 23, I got my first management role in staffing. As you know I got to work for the same founders for 21 years across three different companies and I was trained to be the weapon that I am today, if you will. I remember when I was at that dinner being promoted to my first time management seat, my mentor saying, “Are you ready to turn on and off the lights?” I thought, “Is she nuts?” This was a woman at the time. “Is she nuts? I’m the first and the last out seriously.” Of course I’m like, “Yes, yes.” In my head I’m like, “She nuts.”

It took me until a year later when I learned that what she meant was that I have the ability because I’m now a manager to turn people on or turn them off. My attitude affects their daily performance. That is something that everybody has to take very seriously. The whole concept of shit rolls downhill … it’s true. And if we don’t have positive attitude, solution provider attitude, then a culture is never going to be the type of culture that allows high EQ, high empathy, high engagement of relationships, caring for people. So it is very serious, and that means that one has to be judged on that.

The review, has to include positive attitude. I have that in my reviews of anybody in a management seat, do you come 99% of the time with a positive solutions-oriented attitude? That’s a skill. I was trained in it and it needs to happen. Otherwise it’s just a distraction and destruction happening, you know?

John Verry (15:42):

Yeah. And that becomes increasingly important the more stressful the situation or … Because I always tell people as a leader, manage, when hits the fan in your world, immediately the first thing that people do is look to see what you’re doing. And if you’re jumping out the window, they’re out the window, they’re on the ledge behind you. And if you turn around and say, “Guys, not a problem, we got this. This is just a bump on the road. Here’s what we’re going to do. Here’s the plan, get the behind me. We’re okay.” They will. So I couldn’t agree with you more is that that attitude … And I like your turn it on turn it off. 

Deidre Diamond (16:20):


John Verry (16:21):

I never thought of it that way, but that’s really good.

Deidre Diamond (16:24):

That’s right. We turn that energy on and off in other people because we have the power to fire them, put them on a performance plan. We literally have the power to them being not successful or successful, and that’s huge. I think that it’s also makes sense for people to understand that it isn’t just in the scenarios where there’s a really big problem that hits, it’s also just in life, who wants to work around somebody who’s constantly complaining about their life, or relationships in their life or bringing negative conversations into the workplace. So it is important that when things hit the fan, that we’re there with positive attitudes. And yet it’s just as important that it’s just a regular piece of who this manager is, is that they’re not bringing their problems to the workplace.

Even if you have them, it’s just not appropriate to bring that stress into the environment. Rarely, every once in a while, but very rarely.

John Verry (17:29):

So you’re telling me that we should only hire optimists? Got you.

Deidre Diamond (17:34):

That’s funny.

John Verry (17:35):

Let me write that. No, but all kidding aside. Right? All kidding aside, a positive attitude is an optimistic attitude, right? It’s people that live from an abundance mentality versus scarcity mentality. Because if you meet someone who’s got a scarcity mentality, they’re not going to bring a positive attitude frequently into their work.

Deidre Diamond (17:53):

Yeah. And I was told, and I think everybody should be told, part of what I’m paying for is a positive attitude. That’s what I was told when I was being hired. Now I’m paying for that positive attitude. So … yes, it’s true. Optimism, the glass is never half empty.

John Verry (18:16):

I can’t even think of a time that I’ve ever worked in a company, including this company. Where we’ve said that … I feel that way. But I don’t think we’ve ever explicitly said that to the leadership. Like, look, you’re being paid to have a positive attitude. That’s part of what you’re … We pay people for their technical skills, we pay people to drive revenue, we pay people to drive relationships. We pay people to … but we’re paying you for a positive attitude, but do we ever actually say that? I like that a lot.

Deidre Diamond (18:46):

If it’s in the review, you will. So put it in your-

John Verry (18:48):

So listen, I got to start doing your job reviews instead of the ones we do. The next step in your framework is a self care culture.

Deidre Diamond (18:58):

Yeah. So look, I’m 50 now and I-

John Verry (19:02):

You look fabulous.

Deidre Diamond (19:03):

Thank you. I had to make major life changes in my late 20, like quitting smoking, losing 100 pounds, integrating a workout, finding yoga at 31. I had to embrace that to stay powerful, because my health wasn’t going to be able to keep up with my role and my advancement. So I learned young and I’ve also watched so many people that I admire and respect, lose their health because they don’t perform self care. So here’s the deal. I did it at 28 going, I got 300 and something people in my org following me, I’m 28 and they see me smoking and I’m leading them to the promised land training, hiring, entry level. 

And I was like, “I can’t do this. Plus I feel like shit.” So my point is like, there’s a responsibility to caring for ourselves in order to care for others. For one, we need our health to continue caring for others and doing what we do, whether it be at work or at home. And there’s also a responsibility as a manager to care for oneself, because you’re who people look up to, to be. More money, more responsibility, prestige. And it’s just not true. That one will be successful past a certain age if they don’t do something that makes it to where they are really caring for their health. 

So it needs to be a part of the culture. Is that not judging, not telling somebody they’re unhealthy or any of that stuff, but managers actually bringing the conversation to the table, making sure people are scheduling their time wisely so that they have time for themselves, however they want to use it. And leading by example. One of the most important things for a manager is to lead by example for self-care. So for me, I quit smoking more for others than I did for myself at the time, as much as it was affecting my health, that’s what did it for me. So I encourage all managers to think you’re mentoring people. 

It isn’t just for that SME skill, it’s for life. And you’re showing them a way of life, so to speak.

John Verry (21:17):

We are crossing over into a dangerous world there and say, “Hey fatty, have a salad.” You know what I mean? 

Deidre Diamond (21:23):


John Verry (21:24):

So the question would be here-

Deidre Diamond (21:26):

You can’t do that.

John Verry (21:26):

Right. You can’t do that. 

Deidre Diamond (21:26):


John Verry (21:27):

So the question is that, when you say a self care culture, are we talking about promoting the concepts of self-care and making those things available to people, but obviously we can provide people an opportunity to change. We can give them an example of change, but we can’t actually make them change.

Deidre Diamond (21:48):

Never. So in my org, it’s as simple as saying, “Look, there’s a formula to self care.” It’s some sort of exercise that gets you moving four days a week. It’s really focusing on good sleep. It’s water intake in a certain amount of day, it’s meditation, or just time to think and be alone, no matter whether you’re an extrovert or introvert, people need some of that time. So it’s holding the space for the conversation. Cultures that are really successful aren’t telling people what to do and not to do. I

don’t, we don’t, nobody ever did to me, it’s holding the space for a conversation of the stronger we feel, the stronger we are, those kinds of things and just holding the space for it and making sure people are aware that we care and if they need to flex their schedule a little to make their self care program work, we’re up for that conversation. And if they have some ideas, we’re up for that conversation. It’s also in our value statements in terms of what CyberSN values is, having a ability to have self care in our lives. And it’s also just things that we do. So for instance, we do a lot of walking and talking, we do some meetings where people are walking and having their meetings.

I take people to yoga things. I give massages for gifts. So it’s just that the conversation is there. So the brain is more up to do something about it because the conversation’s always there, but no judgment, never telling people what to do.

John Verry (23:32):

So I know a friend of ours worked for a famous woman’s clothing company and she was very, very into this type of thing. So what she did, and I wonder if this would be something that you think would be aligned with the self care culture, is she used to have people come in, she would have like Dr. Roger Jahnke who wrote The Healer Within, she believed in the concepts of Eastern medicine and he came in and talked about The Healer Within and how you can empower your body to be better and taught them about breathing. She would have people come in and talk about nutrition. She had people come in and do cooking classes around, being able to cook healthy and cook with vegetables.

So those would be some of the things like in a self care culture, it would be just opening the conversation to this, exposing people to them, making them understand that these things exist and giving them, empowering them if you will, to lean into these things. Is that the idea? 

Deidre Diamond (23:32):

That’s right. 

John Verry (23:32):


Deidre Diamond (24:23):

That’s right. We had a chiropractor speak at our offsite about standing and sitting and how much time you want to do and how to make your desk and things ergonomic and … yes.

John Verry (24:34):


Deidre Diamond (24:35):


John Verry (24:35):

That makes sense. All right. So now the next one is a kindness. I should have had three bourbons before this-

Deidre Diamond (24:44):

I should have some more latte.

John Verry (24:46):

Yeah, you’re going to have more … I’m going to have another bourbon. I guess this is part of my self-care culture, I just want you to know. Right now, I’m caring for myself with this bourbon. What is a kindness-only culture?

Deidre Diamond (25:02):

Well, this is one that needs a lot of work, because everybody thinks they have a kindness culture and yet there’s a lot of unconscious bias, right? What is unconscious bias than anything other than saying, or doing things that we didn’t know would hurt somebody else? So a kindness environment means we’re not hurting other people, which really means our words, is most of our interaction, whether they’re verbal or whether they’re written. So this comes down to things like having a culture that doesn’t haze or doesn’t have nicknames or is positive. It’s really anything that comes out of our mouths.

Whether it’s a reprimand or not, comes with kindness, so for instance. Of course, we all have to reprimand or hold people accountable or whatever. I’ve been trained since my early 20s on something called kiss, kick, push. So, even in the worst times where I have to really confront somebody, on performance or a situation, I still must first thing out of my mouth, be something that’s more of a kiss than a kick or a push. So it’s concepts like this that allow us to have kindness be a part of our culture even in the hardest time. So for instance, let’s say John, you told me you were going to have a project done tomorrow and tomorrow comes around and you’re MIA, which doesn’t really happen to me, but let’s just say that happened. 

Maybe it would be a pretty big, serious conversation if somebody’s MIA. The beginning of that conversation of the kiss is really important, which is, “Hey, John, I really wouldn’t have expected this from you. I know you’ve always been super punctual and committed.” And then it’s the, “What happened? Where were you? You left X, Y and Z people hanging.” But if I just started with, “What happened, where were you? You left people hanging.” And nothing kind to give some … It’s very possible that something really tragic happened or there’s something in your life going not well and, it’ll make a difference for you if I came at you the first way than the second way.

John Verry (27:34):

Yeah. I agree.

Deidre Diamond (27:35):

Right? And it’s not going to make a difference for me, from the perspective of getting the information or dealing … other than my relationship with you is going to make a difference.

John Verry (27:46):

Yeah. So, the only thing … and I agree with that, conceptually, the only thing that … to me, every time that you talk, you look at what people value in the companies they work for is transparency is always very high in that list. And we have an insanely transparent culture. If you screw up, you screwed up, own it, let’s move on. So, you’re saying, just to be clear, that there’s room for transparency and there’s room for a difficult conversation, but it can be done in the right way.

Deidre Diamond (28:18):

Yeah. And not only room for it, it’s like those conversations have to be had. I run a massive operation of stuff. They can’t be avoided, that would be the terrible thing. Let’s just start with challenging ourselves to say something truly positive and you can’t make it up-

John Verry (28:37):

But truly accurate though, right? Because if you blow smoke up someone’s ass, on the front side, then what’s going to happen is that, that criticism, the truth doesn’t get heard.

Deidre Diamond (28:48):

Can’t make it up. Has to be super real.

John Verry (28:50):


Deidre Diamond (28:51):


John Verry (28:51):

Yeah. We’re on the same page there. 

Deidre Diamond (28:53):


John Verry (28:54):

So you-

Deidre Diamond (28:54):

Just take push.

John Verry (28:55):

That’s actually interesting. I’ve never heard of that.

Deidre Diamond (28:55):

It helps-

John Verry (28:55):

But I think-

Deidre Diamond (28:59):

[crosstalk 00:28:59] forward. This is what we’re going to do now. Right? 

John Verry (28:59):


Deidre Diamond (29:02):

The push is the third thing of how do you move it forward? Push it forward. 

John Verry (29:06):

I know, I could do that better because I have a tendency to … I’m very transparent. If I’m pissed I’m pissed then I say it. I think I do it fairly and balanced way, but I don’t have that tendency to do the kiss on the front side. I think even if it’s not a kiss, because that’s not my personality, but it’s the openness to give them a chance to explain before the criticism, because you’re right. Do you remember the Steven Covey in one of his books had the example where he gave where the guys on a train and the two kids are jumping around and they’re causing a whole bunch of ruckus on the train. 

And finally he gets up enough nerve and he says to the father, “Aren’t you going to discipline your children?” And the guy turns around and looks at him and goes, “Oh my God, I’m so sorry. My wife just passed we’re on our way back from the funeral and I really wasn’t in my.” Right away the guy’s like, and he says, “I wish I had approached that differently.” So it’s almost that same kind of a story, right? [crosstalk 00:29:54] okay. I like that a lot. I should do a better job of that. So the next one that you have is consistent management training. Can you explain that?

Deidre Diamond (30:05):

So, much like our hard skills are, soft skills need training and it needs to be consistent. So, it takes seven years by the way, to develop a new habit, a new habit in the way we speak, a new habit in the way let’s say we interact with people, whatever it is, it’s a new habit. And we want this habitual. We want these EQ skills to be a habit. So, that means training, that means reviews like having this conversation constantly front and center to managers is partially training is a big piece of that. The problem we have John, is that there isn’t a lot of training places, or even the ones that I want us to have don’t really exist.

I’m actually in the process of talking to a few firms and seeing if we can together create something that would really help. But we’ve got Myers-Briggs, we’ve got situational leadership. I love both of those things, they’re very powerful. But there isn’t the model of win-win communication training, or managing a calendar or making and managing measurable agreements, the things that I train on and have been trained on in all of our orgs across the world, it’s not a program that somebody can go sign up for. I’m always telling people, you hear something you let me know, because I’ll promote it. 

There isn’t a whole lot of it. So we need to use the ones that we have and then organizations have got to care enough to create them. Management training, the training of managing others, part of that is training and part of that’s the check in, how you’re doing, working with the person. It used to be HR that managed this whole function, and now I feel like it’s only a few departments that get that support.

John Verry (32:05):

So we have these classes or training that you’re referring to, and then you’ve got, when you say consistent management training, it’s not almost even positive reinforcement and consistent, isn’t there an old adage that says that you haven’t heard of something till you’ve heard it seven times. 

Deidre Diamond (32:18):


John Verry (32:19):

So that’s the idea of … And to some extent, in a perfect world, it would be HR or manager of managers. There’d be some level of trust that this is happening, but verify. Are the one-on-ones happening? Are the one-on-ones happening in this way? What type of feedback are you giving your people? And there’d be evidence of that [crosstalk 00:32:40] right, okay.

Deidre Diamond (32:42):

I occupy that role here at CyberSN. Of course the head of HR does too. It really it’s her and I together. And that’s where does somebody go when they’re having trouble or they didn’t do win-win well or KP well, and they’ve got to a situation. Do they have support? Is there a way to even talk about how they did, what they did to help them do it better? Those are the things that it’s just not a one-time thing. It’s not a one-time conversation or a one-time training, it’s holding the space for consistently conversation.

John Verry (33:19):

Yeah. To some extent, you’re talking about the criticality of the HR role in any organization, which I actually think is one of the most underrated, if you will. Or under considered. I think a great HR director or a great HR department, makes a great company.

Deidre Diamond (33:36):

I do too. The problem is much like security it’s like, well when you say the term HR, it’s like, oh my gosh, there’s so many … you got payroll and pay and compliance and people recruiting and … So many things fall under it. It’s like, what part of HR are we judging? So they need support in really splitting up the different areas of what they do and having that clear language of what they do. Yes, it’s traditionally fallen under training, which falls under human resources, and then traditionally it’s fallen to executive training.

John Verry (34:17):

Okay. So here’s the funny thing is that we just went into HR and it looks like the next two steps in your framework are very HR related, right? Well, the next step is roles and responsibilities are clearly defined and measurable, which again is an HR and a hiring manager and manager’s job, right?

Deidre Diamond (34:40):

Absolutely. And this is the number one, ding, ding, ding, every time there’s a problem of conflict, almost always in an org is who was responsible for what or overworking somebody because you don’t really know what they do. Those are the two things. So, this is something I’ve watched in conflict resolution for years and years. It’s almost like, oh, let me guess, you didn’t have a measurable agreement? I’ll hear the whole story and let me guess, you didn’t know. It’s constant. So, very hard to do. Coming up in sales like I did, it was easy, you’re responsible for this amount of revenue, or this amount of jobs or this, right?

So it’s easy to measure. When you start talking about all other departments, it can be more challenging and therefore it takes more time to really map it out. Now, my job description work has changed that for our clients and for anybody who wants to use it it’s free. You can build your jobs and that is the review mechanism that my clients use. Every task and every project percentage break, it’s all there. Now I grew up in that in the ’90s, it’s still something I live and die by today. And when I don’t have the ability fully define somebody’s job because I’m growing so quickly, which happens at companies, I tell them that.

And we put in the calendar a date to keep getting together and we keep defining and defining as they’re onboarding and growing and getting their feet under them the first three to six months. I’m in the conversation, we knew it, we planned it. It’s not like I didn’t have the conversation and just left them. So, there are times when we can’t do this, it should be pretty rare. Otherwise, it’s not just role and responsibility, but it’s how much time they’re responsible to spend on that. And then once you’re in project mode, what’s the delivery date, training people the minute you can’t hit that delivery date is when you speak up, you don’t wait, you don’t wait a week or two weeks.

It’s that, it’s that conversation. So first it’s making measurable agreements and then it’s managing measurable agreements, and it’s teaching others how to do it as well as doing it ourselves as managers, things change and dates will have to change, but changing them last minute, changing them after you’ve known for time, period, people see that stuff, and you lose credibility and lose any prestige of who you are as a manager, if you’re doing those things, and then everybody else needs trained on how to do it. So it’s the key to operations, bottom line.

John Verry (37:18):

Yeah. So it sounds as if right, that it’s set clear expectations, which also goes right into your next part of your framework, which is, having career promotion criteria being outlined and transparent. Again, which is another way of setting a very clear expectation that we both can live from.

Deidre Diamond (37:38):

Yeah. So if it’s not written down, it doesn’t matter. 

John Verry (37:42):

It doesn’t exist.

Deidre Diamond (37:43):

So that’s the bottom line.

John Verry (37:45):

We come from an auditing background. So sometimes if there’s no evidence of it, it doesn’t exist.

Deidre Diamond (37:51):

So I tell everybody, make measurable agreements with your boss and have them written down and use them every time you’re together on your one on ones, and make sure you’re on the same page. When they change, just change control. Document it, send it to the person, make them acknowledge it. It’s called managing up, which is what situational leadership talks a lot about. We all have to put our career into the hands of others in most of our lives, do it wisely, help them help you. Yes, documenting it and changing the documentation, updating it I should say, is critical to this.

John Verry (38:38):

And that steps right into your last thing, which is win-win communication. So let’s talk about win-win communication.

Deidre Diamond (38:45):

Yeah. I talked about this a little bit earlier in that traditionally it’s been taught to sales people, which is unfortunate … super unfortunate, but really-

John Verry (38:56):

I’m laughing because you and I are salespeople at heart. So both of us know exactly what this means.

Deidre Diamond (39:01):

Yeah. Which means, all you’re dealing with is problems and you still got to sell or come up with a solution and so it’s win-win communication says, you got to have the ability to work with teams and not everybody gets what they want, but they feel like they won. So it’s the art of language, it’s the art of solution making, it’s the art of listening, it’s everything really combined such that you are able to solve problems and people still feel good when they didn’t get what they wanted or exactly what they wanted. And that’s traditionally a sales skill and now it has to be for everybody. It’s probably one of the biggest problems I see constantly is just the language around how we’re solving things that turns people off big time.

John Verry (39:53):

Yeah. Occasionally and the other one where you see that this really becomes a problem is that, so you’ve got … Let’s say you’ve got a management layer and you agree on something, but somebody’s really not happy about that agreement. And then when he goes down and meets with his team, okay, they want to be transparent, and they’ll actually communicate that they don’t agree with the decision, but the minute they agree that they don’t agree with the decision, what they’ve really done is just really cut the legs out from underneath the organization. So that’s not win-win when somebody communicates …

Look, in a perfect world I think you’d agree with me when I say that, if you’re part of a management team and now you’re talking with your group, you have to speak with the same voice as that management team, whether or not you agreed with it or not. When I see trouble either in our organization or I see trouble in other organizations, it’s where you get that disconnect between management layers.

Deidre Diamond (40:49):

Yeah. Amazon has one of their value props. I forget how it goes, but I’ve always latched onto the concept of, if there’s a decision made in the organization at the top or whatever the top is of that decision, then everybody has to agree with it. And if you can’t do that, don’t work here-

John Verry (41:09):

You leave. Right.

Deidre Diamond (41:10):

Yeah. It doesn’t work otherwise. So yes, that’s a great example. The bottom line is and what’s so interesting about all eight of these, and win-win encompasses most of the communication of it all, is that what we’re talking about is how do we have diversity? And what I’m saying is our environments aren’t even inclusive for, let’s say white men, because they’re moving jobs every year to 18 months unhappily. So meaning that’s not what they set out to do, because these environments don’t have this. So this isn’t just so that we can bring in diversity professionals, which we have to do because our attackers are diverse. 

This isn’t a question of whether we want or not. We better if we’re going to anywhere near win or at least evade, than we have to. But the reality is, everybody needs it. If you’re a minority going into a chaotic environment that doesn’t have all this down makes it worse, but it doesn’t mean it’s not bad for those that are already there, i.e let’s say white men. It is, and it’s not working for them either. So, the reason I’m out there saying this is let’s create inclusive environments to have high retention, so that we can retain everybody.

John Verry (42:34):

Yeah, in a weird way, looking at your framework, it isn’t really specifically about inclusivity. It’s about creating an environment that is inclusive. And it’s a weird semantical difference, but it’s not like we’re saying go out and hire, you need one Indian guy, you need one black person, you need a woman. You need people from this racial group or whatever. What you’re saying is build a great environment and it’ll be inclusive and it’ll be the place where everyone from every culture, from every sex, from every religion, from every sexual orientation, would feel comfortable working in.

Deidre Diamond (42:34):

That’s right.

John Verry (43:13):


Deidre Diamond (43:14):

It’s mental safety, and we’re all going to go out and find diversity professionals, because I think we know that if we’re not diverse, we can’t win and we need the numbers too. Nevermind the fact that our-

John Verry (43:24):

Yeah, if you’re a big enough company, you have programs around it, and if you’re a small company like us, the advantage that you have is the more diversity you have, the more unique perspectives that come to the table. Which which is a win, right? It gives you a strategic advantage, having differences of opinion.

Deidre Diamond (43:43):

Of all ages?

John Verry (43:44):


Deidre Diamond (43:45):

I just hired somebody many, many years older than me. I have already had somebody here older than me. Even there a perspective too. So it’s ages of all ages, as well as … as you said, race, religion, gender. So yes, this is why I’m out there saying, look, you want diversity, have an inclusive environment because you’re going to go find them if you’d want them, and then you’re going to lose them. Because if your environment isn’t inclusive already you’re going to lose them. And hey, by the way, this will help you retain all the men too, that I’m watching move jobs for these exact reasons. 

Because when we say people leave people, we leave people because they’re not caring for us. Not just because they’re jerks. So yes, there are jerks out there, treating people wrong, purposely or just totally wrong for the job. But then there’s people out there that just don’t know how to care for others. And that’s also losing people. Right? So either way, it’s this … again, holding the space for the thought of, will make a difference.

John Verry (44:57):

Yeah. Like you said, even if the person’s not horrible, the problem that we have right now is there’s so much opportunity out there. And if the grass looks like it might be a little greener … realistically, you got to make sure you’re [inaudible 00:45:09] your inclusive culture ideas is fertilizer, right?

Deidre Diamond (45:11):


John Verry (45:12):

Our lawn is going to be the damn greenest lawn within two counties. So someone’s not likely to find greener grass somewhere else. All right.

Deidre Diamond (45:23):

Exactly. It’s hard to bring a positive attitude unless other people are positive too. You can only do that for so long.

John Verry (45:29):

Yeah. It’s-

Deidre Diamond (45:30):

So it’s also a win-win for everybody to enjoy work. We’re going to all die one day, as much as that’s terrible thing-

John Verry (45:39):

Oh, you had … we were having such a nice podcast up-

Deidre Diamond (45:43):

I told you-

John Verry (45:45):

[crosstalk 00:45:45] I told myself don’t go more than 50 minutes with Deidre. I did this the last time, the wheels came, I wrote it down. Deidre 50 minutes wheels went off, I’m looking down at the clock. We’re at 52 minutes or something like that. I should have just cut it off. I’m sorry folks.

Deidre Diamond (46:02):

It’s so true.

John Verry (46:03):

None of you are going to die. None of you are going to die anytime soon, life extension is going on. We’re all going to be able to live in the metaverse forever. Deidre’s wrong. She knows a lot, she doesn’t know about this stuff, guys.

Deidre Diamond (46:17):

I’ll buy us all a spot. Oh, in all seriousness, let’s enjoy this time. We work more than we do anything. And much of this comes from that too. That desire for, I want that and so do others so, thank you.

John Verry (46:32):

This has been fun as always was. You and I had a great time on the last conversation. This was also a great conversation. Anything we didn’t touch on in your model? I think we did a pretty good job.

Deidre Diamond (46:41):

I think we did a great job. I appreciate the time.

John Verry (46:44):

Awesome. All right. So you answered this question the last time, so I’ll give you the out unless you want to do it again. If I remember right, did you give me ER on the amazing or horrible? I’ll give you the question if you don’t want answer it don’t worry. Because I remember you gave me the answer before. What fictional character, real person do you think would make an amazing horrible CISO and why?

Deidre Diamond (47:04):

Oh God. Yeah. Geez.

John Verry (47:07):

We’ll skip it. I told you the wheels came off three minutes ago. So, before you go in some other horribly depressing direction, the reason we should have kindness is because you’re all going to have cancer soon.

Deidre Diamond (47:18):


John Verry (47:20):

So I’ll say yeah, there you go. There you go. If folks are interested in getting in touch with you either about your great recruiting services or your work on inclusive cultures, what’s the best way for them to do that?

Deidre Diamond (47:34):

Email me at [email protected].

John Verry (47:37):

Excellent. They’ve got, like I said, Deidre’s great. Her team’s great. They have some great free stuff out there. Whether or not you are somebody who’s looking to hire someone or even if you’re looking to go to the job market, I know you have some great tools out there that my kids have actually used … as well. So, appreciate you putting that stuff out there for everybody.

Deidre Diamond (47:56):

Thank you. You’re welcome.

John Verry (47:58):

Excellent. Well, this has been fun as always. I look forward to chatting with you again soon.

Deidre Diamond (48:02):

Yay. Me too.

Speaker 1 (48:04):

You’ve been listening to The Virtual CISO Podcast, as you probably figured out, we really enjoy information security. So if there’s a question we haven’t yet answered or you need some help, you can reach us at [email protected] and to ensure you never miss an episode, subscribe to the show in your favorite podcast player. Until next time, let’s be careful out there.