The cybersecurity job market has consistently grappled with a zero-percent unemployment rate and an extraordinarily competitive talent landscape. As the number of jobs in the space continues to outpace the supply of professionals, startups especially are struggling to hire enough cybersecurity talent to support their ambitious growth plans.

What to Look for

When you’re hiring a cybersecurity executive for your startup for the first time, you’re looking for a high-impact individual who can act as a utility player and move quickly to get things done. Although past experience is a helpful indicator, this is a role where they must be comfortable with ambiguity, fit with the culture, and commit to the gritty nature of startup life.

Finding a leader who gained their early career experience at a well-established organization but who is looking to apply what they’ve learned in a new environment is often the best approach. An individual with this type of career path is familiar with best practices but they haven’t stayed long enough in an organization to become institutionalized and accustomed to always doing things a certain way. Additionally, while educational pedigree isn’t necessarily a “must,” a degree from good business school can sometimes be a helpful indicator of intellectual horsepower and curiosity.

Finally, it can be easy to make the mistake of hiring exactly for current needs without understanding how the role will evolve over the next couple of years. You need to be future-focused when hiring for this type of role or you may be ill-prepared for challenges you will face down the road.

What to Avoid

It’s one thing to search for the best-fit cybersecurity professional, but how do you spot red flags that a candidate might not align with your long-term needs? When you’re looking at leaders who have built their careers within big tech companies, this is a particularly important question.

Moving from an established enterprise to a tech startup is a huge adjustment. Leaders are used to having a lot of resources at their disposal and accustomed to bureaucratic decision-making processes. In a startup, the phrase “roll up your sleeves” may be cliché, but it’s deeply accurate. Decisions need to happen quickly and even the leaders need to get their hands dirty.

To successfully manage this shift, executives must have both the motivation and the ability to pivot. Is their heart really in it or are they after a shiny object to add to their resume? What specific examples can they share of experiences that might look similar to startup life? Make sure to ask their references similar questions to confirm their answers.

How to Attract Cybersecurity Talent

Because the cybersecurity talent market is so competitive, there has been consistent upward pressure on it. However, early-stage startups can’t always compete on cash compensation. Instead, the financial value proposition for talent is much more heavily weighted towards equity in the company. Yet, attracting and retaining cybersecurity leaders in a startup environment goes deeper than compensation. Tapping into vision, values, and passion is going to be a key strategy. The opportunity to make a significant contribution, as well as develop and stretch their professional experience in order to grow further in their careers will also be important.

Finally, given such a hyper-competitive market, you need to be prepared to act quickly and decisively in hiring decisions to fill positions with the best talent available. Developing the mindset and processes to facilitate a quick and smooth recruiting process, without negatively impacting the quality of candidate assessments, and being prepared organizationally to make compelling offers, can be the difference between landing and just missing out on top talent. 

Increasing Diversity

The tech scene is historically homogenous, which has created a lack of diversity at a macro level. There’s limited diversity in the talent pool, and even the most merit-based, objective hiring processes will struggle to attract, find, and hire diverse candidates. With that said, attracting a more diverse talent base is going to require a compelling opportunity, as well as a commitment to practicing what you preach when it comes to diversity. When candidates go to your website and check out your team on LinkedIn, what are they going to find? It’s one thing to talk about diversity; it’s another thing to demonstrate it. These are key considerations when hiring cybersecurity startup leaders.

How to Encourage Success

How long do you give a cybersecurity executive to step into their new role and get up to speed? The short answer is that it depends. In general, it usually takes a good 90 days to get their sea legs and feel comfortable about contributing in meaningful ways. The onboarding process is going to be a critical step in helping this person be successful; they should have dedicated time to get to know stakeholders, connect with colleagues, and navigate the policies and politics of the company. An effective 30-60-90-day plan should position them for a successful first year in the role.

Are you looking for cybersecurity executive talent for your business? Reach out to JM Search to get started.

Insights in your inbox

Stay up to date on the latest trends and insights shaping the executive search landscape from JM Search’s Blog.