Next-Level Leadership: Strategies for Building a Strong Cybersecurity Talent Pipeline

While it’s widely accepted that the demand for cybersecurity services outpaces the supply of global talent, the causes of and solutions to this imbalance are the subjects of much debate. One thing is for sure, though: cybersecurity leaders have an important role to play in the development of the security workforce of the future.

In this virtual fireside chat, Mindgrub’s Todd Marks and VP & CISO of Ciena Andy Bonillo sat down with 18 leaders in the cybersecurity sector to discuss topics such as attracting, retaining, and growing teams, challenging the cybersecurity skill gap, building diverse teams, the importance of employer brand, and more.

Hear the full conversation in this video, or scroll on to read the highlights.

To kick off the discussion, we asked our roundtable of leaders what topic they were most excited to examine with their peers.

The number one most cited concern was the skills gap that exists in the cybersecurity industry, and other pain points included diversity and the challenges associated with attracting, retaining, and growing teams. Read on for insights from expert CIOs, CISOs, and the like.

The qualities of a strong leader

We’ve all experienced good and bad leaders over the course of our careers. Andy boils leadership down into five focus areas.

1. You have to be grateful. People are placing their careers in your hands. Don’t forget that it is a true privilege to be chosen to lead.
   
   
2. Focus on being genuine. Allow people to be themselves and create an environment and a culture that enables them to thrive.
   
   
3. Be giving of your time, your knowledge, and your whole self. And when times are tough, gifts don’t hurt either.
   
   
4. Get in there. Be a part of the team. Get your hands dirty and solve the tough problems right alongside your team.
   
   
5. Be gritty. Don’t be afraid to grind it out. Have a first in and last out mentality.

Attracting talent

Start building your personal brand and expanding your network. Keep up with people. Follow their careers. It’s a thoughtful way to show that you value that person and you recognize something in them as an individual. Plus, it adds a personal touch when you do reach out.

To an extent, attracting talent is stealing talent - there’s 0% unemployment in cybersecurity right now. You have to be the leader people want to follow and have a mission people want to get behind, Andy shared.

This is also one of the many places employer branding comes into play. Find what makes your company special and promote that! Use it to attract, retain, and grow. You want the answer to where else can you do (insert specialty here)? to be your company.

Selling people on how cool the cyber industry is shouldn’t be a hard thing. If you can tell your story well (again, is where marketing comes in), you should be able to find folks willing to join your team. As Andy said,

“We have the coolest job in the world, right? They make movies about what we do...the news cycle is faster than what they can write in Hollywood.”

Retaining talent

Learn from your previous experiences, and don’t be afraid to ask how do we make this better? Encouraging others to do this will make sure they are thinking inquisitively. Those who are are probably your top-performing talent. To retain them, you’ll want to keep them constantly thirsty by fostering an environment of innovation and flexibility. If the culture of your organization as a whole isn’t necessarily innovative, you can still foster small pockets of innovation, even in larger bureaucracies.

Above all, be genuinely interested in the person’s long-term success. Be realistic about their growth and what is right for them. If they become unhappy, or they’ve peaked, help them out, even if it means helping them find a new role elsewhere.

Growing diverse teams

Be on the lookout for ways to bring in new perspectives. You can’t build the perfect person; instead, focus on building the perfect team. Find skills that work together and overlap. One of the best things about working from home is the expansion of the talent pool, too.

A diverse team has a more diverse outlook. A key step to fostering diversity is making sure you have an accepting environment that people will feel comfortable in.

As you bring folks together with varied backgrounds, one of, if not the number one rule is to check your ego at the door. Everyone’s point of view is valid.

Building soft skills

Soft skills like communication and storytelling are also essential to advancing one’s career. As a leader, you can help your reports grow by providing resources. Whether it’s access to a business coach, mentorship, meetings with leadership, brainstorming sessions - “whatever can be done to get them more access to folks like all of us on this call,” Andy concludes.

Speaking the language of business

Business cases are an underutilized tool in this industry. Oftentimes in cybersecurity, we focus on technology or the problem at hand, and we forget to speak the language of business.

“The sooner you can do that and make cyber a business problem and communicate it in business terms, [the greater] your ability to grow your capabilities, grow your teams, have the resources to train your people on the cool things, give them more tech to play with, send them to more training, build your headcount, et cetera et cetera,” Andy pointed out.

Regardless of who you report to, you need to be able to translate cyber risk into business terms. The next generation of leaders in cybersecurity will be business-minded cyber executives.

Advice for the next generation of cyber leaders

To close out our roundtable discussion, we asked these cyber leaders what advice they would share with recent cybersecurity graduates or those looking to carve their path in the industry. Here’s what they had to say:

• The best engineer, the one that I want to hire, is the one that's playing with this at home in their free time. So my biggest advice is to have a lab or a server.
  
  
• The other thing I would highly recommend is to get into capture the flags. That's the number one way that the defense companies and contractors recruit. On the flip side, if companies want to recruit and pull in that talent, they should stand up their own capture the flag competitions.
  
  
• Technical is great, but be as business-centric as you can be. Learn the industry you are in as you possibly can. The best thing we can do in this industry is not make it a technical industry, but make it a business risk industry.
  
  
• It’s not all about technology. I was a history major. There are so many different ways into this community. I wouldn't discourage people from getting into cybersecurity because they don't have a cyber background.
  
  
• Don’t be afraid to fail. That’s the best way to grow. Failure is not a bad thing. Constant learning is the trait that defines success. If I can get people to learn just that, they win.Fail forward.
  
  
• Don’t try to fit yourself in a role - find what you’re passionate about. If you want to be in cyber and you haven't been ripping things apart and trying to figure out how to do it: why are you trying to be in cyber? Look at what’s motivating you.
  
  
• Get on the bus and stay on the bus - get on, learn, network, find someone who can guide you. Leaders embrace feedback. You have to process it and decide what you’ll take and learn.

Curious about our work with cybersecurity brands? Learn more at mindgrub.com/cybersecurity.