The Hunt for Cyber Technology Leaders Heats Up as Risks Multiply
March 1, 2021 – With technology has come the insatiable – and merciless – need for talent. Having the right leaders and teams in place is now more critical than ever. Cyber technology leaders appear in various forms: chief information security officer (CISO), chief information risk officer, chief security officer (CSO), VP information security, chief trust officer, chief information officer (CIO), chief technology officer (CTO) and many others. These executives are vital, front line leaders facing down increasingly numerous and sophisticated threats. Their job is to secure both the enterprise and its external products and solutions. They report to boards of directors and management committees on a regular basis, are considered strategic assets to be leveraged, and increasingly give organizations their competitive advantage. The cost of hiring one is rising – and that is good news to the scores of executive recruiters who hunt them down for clients around the globe.
Cybersecurity threats are increasing in number, persistence and sophistication. One reason: Organizations have become progressively more reliant on digital infrastructure. Whether it is a consumer threat or state-sponsored action, more bad actors are finding new entry points to access sensitive data and disrupt key operations. Governments, businesses and consumers now recognize the seriousness of cyber threats and that has made ‘cyber resilience’ a sustained board-level agenda item, according to a recent report by Odgers Berndtson.
The global spend on cybersecurity technology platforms and services is at an all-time high and is predicted to continue in its exponential rise. Global spend on compensation packages that are being assembled to lure top cybersecurity and tech leaders is also rising aggressively, according to a just-released pay report from Caldwell. Driving it all is a burgeoning ecosystem being put in place to respond to threats rapidly and with increasing innovation. Executive recruiters specializing in the sector are, for the most part, largely encouraged by the ever-growing demand for cybersecurity and tech talent, though an array of challenges come with filling these crucial roles.
“One is weak talent pipelines, a result of the sector being so new,” said Matt Comyns, cybersecurity sector leader at Caldwell. What’s more, the pandemic has had a big impact across the field, putting a temporary crimp in hiring and changing the very nature of searches. One positive outgrowth of the crisis: Companies are using this down time to reassess and reconfigure their operations. 2021 should see an explosive growth curve once again for recruiting leaders up and down the cyber technology vertical.
“Current demand for cybersecurity executives is strong and will only strengthen over the next few years,” said Hugo Fueglein, a managing director in New York for Diversified Search Group and a member of the firm’s global CIO practice. “The skill-sets we seek for current cybersecurity leaders have changed dramatically over the past few years. Today, we seek leaders who are not only cybersecurity architects with strong technical skills but who also have the ability to champion proactive cybersecurity programs in front of the board and other executive business leaders.”
Common Challenge
A number of factors contribute to the challenges of recruiting cybersecurity leaders, Mr. Fueglein said. “One relates to how much more important cybersecurity is to the value of any business. Organizations across all industries are moving rapidly into the digital world and they can no longer be reactive, but proactive. This has been amplified by the COVID-19 crisis and the rapid migration to remote digital workforce technologies.”
Companies of all sizes, from Fortune 500 to family-owned businesses, share a common challenge – cybersecurity risks. “Cybersecurity is important as a function because it’s how we protect our information, our physical and financial assets, our IP and our health,” said Deidre Diamond, the founder and CEO of CyberSN and founder of Security Diversity. Hiring and retaining cybersecurity talent is challenging under the best of circumstances, said Ms. Diamond, who noted that at any given time there are 500,000 open roles across the sector in the U.S. alone.
“Talent demand is very high and growing,” Ms. Diamond said. “With organizations investing in risk assessments and breaches occurring more often we are beginning to see more executive investment.” Director roles, she added, are specifically in higher demand. “We are also seeing leadership investments being made by smaller companies as they recognize that it is not only the larger companies being targeted by cyber thieves.” Top executive-level cyber roles are difficult to recruit for, she added, “because most organizations don’t know exactly what they need.” The role of a CISO or CSO at one company may not be the same at another, she said. “In fact, the profile can vary between 26 different types of skills. A lack of standardization of job titles is a major contributing factor.”
Security Complexity
For larger organizations, the CISO role is critical. Just 15 years ago, half of the Fortune 500 had someone dedicated to this function. Now they all do. “When you’re looking at sub-Fortune 500 companies, many still don’t have a cybersecurity executive managing all those responsibilities,” said Paul Manning, managing director, software, and technology at The Bowdoin Group. “What we have seen is that role is distributed across a number of functions, like technology or finance, and those executives will own pieces of it throughout the organization because it’s an incredibly complex and encompassing role.”
Mr. Manning said that different companies have varying security and compliance concerns – some with their clients or customers’ data, others with just general internal business processes and employee data. Healthcare or financial services companies, for example, have regulatory bodies that have compliance regulations they have to follow. “The biggest challenge is the complexity of security at these companies, and that impacts the executive role being hired,” he said.
Related: Cybersecurity Leadership Role Evolves to Meet New Threats
According to Mr. Manning, state-sponsored attacks are changing the game in cybersecurity warfare. The evolution of the function – and what is happening under the function – has changed dramatically in the last 10 to 15 years, and demand for talent has completely outstripped the supply. “Cyber and tech executives have a massive challenge around being able to keep up and one step ahead,” he added. Today’s top technology leaders have highly analytical minds and are strategic thinkers, according to recruiters on the hunt for the best and the brightest. “At the end of the day, it is a race to stay ahead of the bad guys, and that’s a big role for one individual,” he said.
Skill-set Shift
“Before the pandemic, most industries were experiencing growth and adding senior-level information technology professionals,” said Gary Erickson, managing partner of Executive Search Partners in Sarasota, FL. “We were having an excellent year.” But then everyone stopped hiring. With the pandemic came big changes in the recruiting process itself. “Almost all interviewing moved from in-person to remote and some companies said they were willing to consider remote-based candidates.” For roles so ingrained in corporate structures, where facetime matters, that was a significant shift in thinking.
“Organizations have gained a new appreciation for the impact that IT has had, and can have, on their business,” Mr. Erickson said. “IT’s ability to rapidly enable remote work for all employees saved jobs and lives. IT’s ability to rapidly implement systems to remotely engage with customers saved businesses. CEO are now asking – what else can IT do for my business? What can IT do to more rapidly implement the kinds of technology enabled processes that increase customer sales and improve company effectiveness and resiliency?” That has raised the stature of IT leaders and increased the bar for recruiters to hunt down the best ones.
Business Enablers
“COVID-19 shined a massive light on the technology function,” said Brandon Biegenzahn, president of McDermott + Bull and chair of the firm’s financial services practice group. “There were those organizations and those technology leaders who were prepared, and those who were not.” The technology chiefs who were prepared, he said, have been celebrated within their organizations.
Security Threats Create Talent Challenges, Opportunities
Cybersecurity might well be the greatest challenge facing corporate America today. The threat to reputation, private information and dollars — both from immediate theft and the cost of repairing the damage of a cyber-attack — can be staggering.
“It has allowed the technology functions to be seen as true business enablers and no longer cost centers – a huge win for the function,” Mr. Biegenzahn added. The organizations that were caught flat-footed are looking to the marketplace for talent. “While replacing a technology leader is one option, the blame shouldn’t be placed on one individual alone,” he said. “Executive teams need to look at their willingness to invest in technology. No matter how good the leader, without the budget to effectuate change, they will not have the ability to be effective.”
Related: Cybersecurity Hiring Crisis Fueled by Lackluster Salaries
M&A Activity
“While much of the recruitment market has been relatively turgid over the past six months due to the ongoing uncertainty caused by the coronavirus pandemic, there have been some pockets of increased activity, and the technology sector is a clear winner in this respect,” said Zarina Contractor, a partner at Wilton & Bain in London. “Demand for technology services has remained largely undiminished by COVID-19, partly due to the stability provided by large, multi-year transformation and managed services programs where spend has already been budgeted for and contractually agreed to, and partly as many organizations continue to view investment into technology, particularly new, innovative, digital topics, as essential for their future survival.” Additionally, she added, the increase in remote working caused by national lockdowns around the world has led to further demand for support around digital workplace services – and associated cybersecurity issues.
Caldwell Unveils Benchmarking Data Behind the CISO Role
In an environment where chief information security officers are increasingly part of the C-suite, and are viewed as business risk executives, time is scarce, and accurate, real-time aggregated benchmarking data is difficult to find, according to a new report by cybersecurity practice leaders at Caldwell and security research firm IANS Research.
The CISO study focuses on compensation for the role, security program budgeting and overall job satisfaction. As first-movers in the cybersecurity recruiting space, Matt Comyns and Steve Martano of Caldwell’s cyber practice have had a seat on the ground floor of the information security leadership revolution. Focused on recruiting CISOs and CISO direct reports for Fortune 500 companies, they have helped bring aboard security leaders for some of the world’s best known brands and companies. As security has moved to the forefront of private equity and venture capital groups, they continue to do more and more for private companies looking to build a program from the ground up.
“The strong financial performance of many technology sector companies has meant that they continue to invest in senior hires, particularly those that will help them to gain or maintain market advantage in innovation topics – and many of the larger players are also investing heavily in M&A activity,” Ms. Contractor said. “The recruitment process itself has also been less adversely affected by COVID-19 in technology companies, as they are already accustomed to working virtually with colleagues in multiple locations” This has meant that virtual interviewing is less alien or unwieldy than in other sectors. “We would anticipate continued appetite for investment in senior talent acquisition from technology sector companies, although the majority of the activity is likely to come from the largest players in the market, who have the greatest cash reserves.”
“We’re seeing clients from almost every market emphasize the enhancement of their digital platforms,” said Marc Gasperino, leader of the digital practice at ON Partners. “In many cases digital business models are carrying organizations right now. Companies that underinvested in digital platforms are starting to chase lost revenues that mean more now than before and while hiring has been frozen or slowed down in other functions, digital product, engineering, data/analytics, user experience and cybersecurity are being prioritized. Unfortunately, since many of these companies are going through difficult financial times, they are struggling to meet the compensation requirements of the talent they need.”
“Companies that have already invested and are winning the digital business wars are trying to take advantage of recruiting talent from suffering markets like travel, hospitality and retail,” Mr. Gasperino said. “They are also driving initiatives to expedite the long process of hiring and developing diverse leadership within technology functions.” ON Partners has been hired to drive several ‘diverse only’ engagements for global market leaders since the beginning of the COVID-19 pandemic.
“I’m aligned with my clients who see COVID-19 as a temporary setback but one that has allowed them to reassess strategy, go-to-market, and product-market mix, among other things,” said Seth Harris, a partner with ON Partners. “Over the past 12 months the reliance on strong financial acumen (CFOs), product/solution rationalization or development (chief product officers), and revenue generation (CRO) will continue to be in demand. That is followed by CHROs who bring vision and guidance to the C-suite in navigating the needs of the existing workforce in light of COVID and beyond, hiring top talent whether pre-identified via a formal search or not, and the creation of a platform that assess talent demand shifts, best-in-class training, and a better level of engagement with the workforce.”
Related: Hacking the Cybersecurity Talent Shortage
Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, Managing Editor; and Stephen Sawicki, Managing Editor – Hunt Scanlon Media