December 31, 2020 – With technology has come the insatiable – and merciless – need for talent. Having the right leaders and teams in place is now more critical than ever. Cyber technology leaders appear in various forms: chief information security officer (CISO), chief information risk officer, chief security officer (CSO), VP information security, chief trust officer, chief information officer (CIO), chief technology officer (CTO) and many others.
These executives are vital, front line leaders facing down increasingly numerous and sophisticated threats. Their job is to secure both the enterprise and its external products and solutions. They report to boards of directors and management committees on a regular basis, are considered strategic assets to be leveraged, and increasingly give organizations their competitive advantage. The cost of hiring one is rising – and that is good news to the scores of executive recruiters who hunt them down for clients around the globe.
Cybersecurity threats are increasing in number, persistence, and sophistication. One reason: organizations have become progressively more reliant on digital infrastructure, according to Odgers Berndtson. Whether it is a consumer threat or state-sponsored action, more bad actors are finding new entry points to access sensitive data and disrupt key operations. Governments, businesses, and consumers now recognize the seriousness of cyber threats and that has made ‘cyber resilience’ a sustained board level agenda item, said the search firm in a recent report.
The global spend on cybersecurity technology platforms and services is at an all-time high and is predicted to continue in its exponential rise. Global spend on compensation packages that are being assembled to lure top cybersecurity and tech leaders is also rising aggressively, according to a just-released pay report from Caldwell. Driving it all is a burgeoning ecosystem being put in place to respond to threats rapidly and with increasing innovation.
Executive recruiters specializing in the sector are, for the most part, largely encouraged by the ever-growing demand for cybersecurity and tech talent, though an array of challenges come with filling these crucial roles. “One is weak talent pipelines, a result of the sector being so new,” said Matt Comyns, cybersecurity sector leader at Caldwell. What’s more, the pandemic has had a big impact across the field, putting a temporary crimp in hiring and changing the very nature of searches. One positive outgrowth of the crisis: companies are using this down time to reassess and reconfigure their operations. 2021 should see an explosive growth curve once again for recruiting leaders up and down the cyber technology vertical.
“Current demand for cybersecurity executives is strong and will only strengthen over the next few years,” said Hugo Fueglein, a managing director in New York for Diversified Search Group and a member of the firm’s global CIO practice. “The skillsets we seek for current cybersecurity leaders have changed dramatically over the past few years. Today, we seek leaders who are not only cybersecurity architects with strong technical skills but who also have the ability to champion proactive cybersecurity programs in front of the board and other executive business leaders.”
A number of factors contribute to the challenges of recruiting cybersecurity leaders, Mr. Fueglein said. “One relates to how much more important cybersecurity is to the value of any business. Organizations across all industries are moving rapidly into the digital world and they can no longer be reactive, but proactive. This has been amplified by the COVID-19 crisis and the rapid migration to remote digital workforce technologies.”
Companies of all sizes, from Fortune 500 to family-owned businesses, share a common challenge – cybersecurity risks. “Cybersecurity is important as a function because it’s how we protect our information, our physical and financial assets, our IP, and our health,” said Deidre Diamond, the founder and CEO of CyberSN and founder of Security Diversity. Hiring and retaining cybersecurity talent is challenging under the best of circumstances, said Ms. Diamond, who noted that at any given time there are 500,000 open roles across the sector in the U.S. alone.
“Talent demand is very high and growing,” Ms. Diamond said. “With organizations investing in risk assessments and breaches occurring more often we are beginning to see more executive investment.” Director roles, she added, are specifically in higher demand. “We are also seeing leadership investments being made by smaller companies as they recognize that it is not only the larger companies being targeted by cyber thieves.” Top executive-level cyber roles are difficult to recruit for, she added, “because most organizations don’t know exactly what they need.” The role of a CISO or CSO at one company may not be the same at another, she said. “In fact, the profile can vary between 26 different types of skills. A lack of standardization of job titles is a major contributing factor.”
For larger organizations, the CISO role is critical. Just 15 years ago, half of the Fortune 500 had someone dedicated to this function. Now they all do. “When you’re looking at sub-Fortune 500 companies, many still don’t have a cybersecurity executive managing all those responsibilities,” said Paul Manning, managing director, software, and technology at The Bowdoin Group. “What we have seen is that role is distributed across a number of functions, like technology or finance, and those executives will own pieces of it throughout the organization because it’s an incredibly complex and encompassing role.”
Mr. Manning said that different companies have varying security and compliance concerns – some with their clients or customers’ data, others with just general internal business processes and employee data. Healthcare or financial services companies, for example, have regulatory bodies that have compliance regulations they have to follow. “The biggest challenge is the complexity of security at these companies, and that impacts the executive role being hired,” he said.
According to Mr. Manning, state-sponsored attacks are changing the game in cybersecurity warfare. The evolution of the function – and what is happening under the function – has changed dramatically in the last 10 to 15 years, and demand for talent has completely outstripped the supply. “Cyber and tech executives have a massive challenge around being able to keep up and one step ahead,” he added. Today’s top technology leaders have highly analytical minds and are strategic thinkers, according to recruiters on the hunt for the best and the brightest. “At the end of the day, it is a race to stay ahead of the bad guys, and that’s a big role for one individual,” he said.
“Before the pandemic, most industries were experiencing growth and adding senior-level information technology professionals,” said Gary Erickson, managing partner of Executive Search Partners in Sarasota, FL. “We were having an excellent year.” But then everyone stopped hiring. With the pandemic came big changes in the recruiting process itself. “Almost all interviewing moved from in-person to remote and some companies said they were willing to consider remote-based candidates.” For roles so ingrained in corporate structures, where facetime matters, that was a significant shift in thinking.
“Organizations have gained a new appreciation for the impact that IT has had, and can have, on their business,” Mr. Erickson said. “IT’s ability to rapidly enable remote work for all employees saved jobs and lives. IT’s ability to rapidly implement systems to remotely engage with customers saved businesses. CEO are now asking – what else can IT do for my business? What can IT do to more rapidly implement the kinds of technology enabled processes that increase customer sales and improve company effectiveness and resiliency?” That has raised the stature of IT leaders and increased the bar for recruiters to hunt down the best ones.
Overall, he said, the market for IT people is down. “Some industries like healthcare, consumer products, and distribution are now beginning to add people,” Mr. Erickson said. “In other industries, including automotive, travel, and entertainment, markets are still very weak.”
He thinks the market for IT roles will improve in 2021, but the background and skillsets that companies will be seeking in senior level IT leaders will continue to shift from pure tech-focused leaders to those with more IT savvy. “This is most evident at the CIO position, but it has significant implications for all senior level IT positions,” he said. “We see a shakeout in senior level IT positions over the next year or two and an increasing number of placements will come from outside of IT.”
“COVID-19 shined a massive light on the technology function,” said Brandon Biegenzahn, president of McDermott + Bull and chair of the firm’s financial services practice group. “There were those organizations and those technology leaders who were prepared, and those who were not.” The technology chiefs who were prepared, he said, have been celebrated within their organizations.
“It has allowed the technology functions to be seen as true business enablers and no longer cost centers – a huge win for the function,” he added. The organizations that were caught flat-footed are looking to the marketplace for talent, he said. “While replacing a technology leader is one option, the blame shouldn’t be placed on one individual alone. Executive teams need to look at their willingness to invest in technology. No matter how good the leader, without the budget to effectuate change, they will not have the ability to be effective.”
Technology chiefs must be prepared to handle an even greater dependence on their systems, said Mr. Biegenzahn. “Stress testing systems has become paramount. Ultimately, leadership is the most critical component of the CISO/CTO role. Technology serves as the backbone for nearly every, if not every, company in today’s world. Technology chiefs must be able to manage up and down, including gaining buy-in to their roadmaps from executive leadership and adoption once the roadmaps are implemented.”
“A track record of success guiding organizations through difficult times can provide insight into an executive’s ability and willingness to lead during times of massive disruption,” Mr. Biegenzahn said. “While we cannot look back to situations that emulate our global pandemic, we can look at a variety of situations – from the recession, to mergers, to bankruptcies, and turnarounds – to determine if a technology chief is prepared to handle the stress of the new normal.”
Managing Digital Transformation
The CISO function has grown in importance and prevalence over the last decade, and it will continue to do so in the years to come. “Nearly every company today, regardless of industry, is looking to undergo some form of digital transformation,” said Jared Moriarty, managing director for McDermott + Bull. “In an increasingly virtual world, having the right leader to protect your company’s intelligence is crucial. The CISO ensures that all of the company’s information and data is secure, which is necessary to function competitively.”
“Five to 10 years ago, the role of a CISO was more likely to seem like a mundane IT security administration position reporting up through the IT department,” said Mr. Moriarty. “Now, the role plays a strategic part in leading high-level risk management, often reporting to the CEO or board of directors. As technology becomes more and more powerful, and as companies of all types become more reliant on data analytics and interdependent IT systems, the responsibility of ensuring that all information security risks are properly mitigated, and that product strategy is aligned with proper security that will protect innovation, is vital to the function of any company.”
“While much of the recruitment market has been relatively turgid over the past six months due to the ongoing uncertainty caused by the coronavirus pandemic, there have been some pockets of increased activity, and the technology sector is a clear winner in this respect,” said Zarina Contractor, a partner at Wilton & Bain in London. “Demand for technology services has remained largely undiminished by COVID-19, partly due to the stability provided by large, multi-year transformation and managed services programs where spend has already been budgeted for and contractually agreed to, and partly as many organizations continue to view investment into technology, particularly new, innovative, digital topics, as essential for their future survival.” Additionally, she added, the increase in remote working caused by national lockdowns around the world has led to further demand for support around digital workplace services – and associated cybersecurity issues.
“The strong financial performance of many technology sector companies has meant that they continue to invest in senior hires, particularly those that will help them to gain or maintain market advantage in innovation topics – and many of the larger players are also investing heavily in M&A activity,” Ms. Contractor said. “The recruitment process itself has also been less adversely affected by COVID-19 in technology companies, as they are already accustomed to working virtually with colleagues in multiple locations” This has meant that virtual interviewing is less alien or unwieldy than in other sectors. “We would anticipate continued appetite for investment in senior talent acquisition from technology sector companies, although the majority of the activity is likely to come from the largest players in the market, who have the greatest cash reserves.”
“We’re seeing clients from almost every market emphasize the enhancement of their digital platforms,” said Marc Gasperino, leader of the digital practice at ON Partners. “In many cases digital business models are carrying organizations right now. Companies that underinvested in digital platforms are starting to chase lost revenues that mean more now than before and while hiring has been frozen or slowed down in other functions, digital product, engineering, data/analytics, user experience and cybersecurity are being prioritized. Unfortunately, since many of these companies are going through difficult financial times, they are struggling to meet the compensation requirements of the talent they need.”
“Companies that have already invested and are winning the digital business wars are trying to take advantage of recruiting talent from suffering markets like travel, hospitality and retail,” Mr. Gasperino said. “They are also driving initiatives to expedite the long process of hiring and developing diverse leadership within technology functions.” ON Partners has been hired to drive several ‘diverse only’ engagements for global market leaders since the beginning of the COVID-19 pandemic.
“I’m aligned with my clients who see COVID-19 as a temporary setback but one that has allowed them to reassess strategy, go-to-market, and product-market mix, among other things,” said Seth Harris, a partner with ON Partners. “Over the past 12 months the reliance on strong financial acumen (CFOs), product/solution rationalization or development (chief product officers), and revenue generation (CRO) will continue to be in demand. That is followed by CHROs who bring vision and guidance to the C-suite in navigating the needs of the existing workforce in light of COVID and beyond, hiring top talent whether pre-identified via a formal search or not, and the creation of a platform that assess talent demand shifts, best-in-class training, and a better level of engagement with the workforce.”