Spotlight: A Look Through the Eyes of an Executive Recruiter at the Cybersecurity Sector

January 13, 2023 – As a partner at SPMB, Radley Meyers works with a variety of leading technology and tech-enabled-services companies, placing senior-level executives at venture capital-funded, private equity-backed, and publicly traded companies. A key area that he brings extensive knowledge and expertise to is SPMB’s security and data-related search work.

Mr. Meyers leads both functional searches (CISO, CDO, and VPs defining security and data strategy), and also builds out executive teams at top security software and data companies. The comprehensive nature of his work—on both the software vendor and the operating side—gives him a unique and in-depth understanding of today’s market that, in turn, helps drive successful outcomes for his clients. Mr. Meyers recently sat down with Hunt Scanlon Media to discuss what he is seeing in the supply and demand for cybersecurity leaders and how their role has evolved in recent years.

Give us an overview of the market for cybersecurity recruiting.
The market remains extremely hot for security professionals, which is no surprise given the high profile headlines around security events we see on an almost daily basis. So, while hiring has slowed for other executive functions, savvy companies are ramping up their efforts around security hiring — and are also upleveling their existing security team and resources to get more from the function. In fact, I am seeing a lot of companies look at their CISO and think: How can we broaden the role of security in our organization? The answer to this question varies depending on the company — but I’ve seen CISOs take over IT, data, product, engineering, and sales teams. Again, a CISO’s remit depends heavily on the industry and future vision of the company, but there is no question that the role is expanding meaningfully and quickly.

Any other trends that you are witnessing?
The other theme worth noting is companies are exploring hiring a true CISO (vs. a director or “head of”) much earlier in their growth cycle. Historically, an upcoming IPO triggers the hiring of a CISO. Comparatively, earlier stage companies/startups tend to leverage more junior security leaders as they begin to scale. However, given the themes noted above paired with the complexity around international/global growth and the regulatory requirements tied to that growth, companies are bringing more tenured talent in-house earlier on in their growth journey.

Why is this sector so important to all companies and organizations?
The rise of the CISO and companies prioritizing the importance of the broader security organization has been encouraging, and perhaps long overdue. Historically, the most highly regulated industries like healthcare and financial services have prioritized security and helped lead the way. Today, in a digital first world, there is so much information and data at risk that every company, big or small, is having to evaluate their security posture and mature their security programs accordingly. Customers and consumers want to know that their data is protected and that by being a customer or a partner they are not at risk. Having a security leader who is capable of building a strong program, and also has the ability to convey this strategy to customers is both critical and highly sought-after. Security is no longer (and probably never should have been) a “behind the scenes” function; instead, it is now fully entrenched in the sales, product, legal, and technology organizations. As companies continue to recognize the damage that security events have on their brand (and bottom line), the more investment they will make into the function.

What are some challenges you are seeing in the market for these top executives?
The market is evolving quickly, but certain things are going to take some time to catch up — one of which is the wide spectrum with regard to compensation. You’re seeing CISOs with similar job scopes, within the same industry, at similar scale with drastically different compensation models. I believe the next shoe to drop, that will help establish more compensation consistency, is an updated reporting structure for CISOs and security executives.

Are CISOs today reporting directly to the CEO?
Today a small percentage of CISOs report directly to the CEO. However, this number is growing steadily as companies see the value in their security executive having a direct line to the CEO. It no longer makes sense to have your CISO buried two to three levels below the CEO where their influence and impact is minimized. Security executives need a seat at the table in order to protect their organizations and their customers from the onslaught of cybersecurity threats that only continue to grow year after year. This notion is being reaffirmed by the SEC and their proposed new cybersecurity disclosure rules for public companies that stress the importance of cybersecurity expertise and inclusion on boards as a critical part of corporate governance and board oversight going forward.

What is the current demand for CISOs?
The demand is as high as it’s ever been — and for good reason. Given the massive implications of high profile cybersecurity events like SolarWinds and Log4j, or even the news cycle surrounding Uber and Twitter security leadership, boards are hyper aware of the need for top-tier security leadership. That said, there is a finite number of “been there, done that” CISOs available today who fit the modern CISO profile, meaning that they can effectively work with product, sales, IT, etc. The demand definitely outweighs today’s supply, which creates a bit of a void, but it also puts even more pressure on companies and leaders to develop a strong bench of future security leadership. This requires investment and commitment to growing and maturing security programs at most companies that have reached a certain scale across all industries.