FREE Sample issue of the $97/month Security Sanity™ Newsletter

Seasoned security professional, Founder of Archistry and advisor to security leadership in some of the world's largest companies is GIVING AWAY over 35 tips, secrets and solutions to solving one of the biggest challenges facing the security industry today—how to hire and retain top cybersecurity talent. Use the form below to get Andrew's daily security leadership tips and a downloadable copy of his flagship, $97/month Security Sanity™ newsletter—absolutely free.

Andrew S. TownleyAndrew S. Townley, Archistry's Founder and CEO

...or, you can also feel free to say:


That's perfectly fine too. You can always head on over and read some of the advanced security leadership tips I've written lately on the blog.


  • The #1 WORST thing you can put in a cybersecurity job description when you’re trying to hire a security architect (even if you have the coolest company culture in the world and an unlimited hiring budget).
  • Why you should (almost) never use the NICE Cybersecurity Workforce Framework task descriptions as the basis for hiring cybersecurity professionals (and what to use instead).
  • The only time it’s actually OK to build a cybersecurity fiefdom (and what you have to be thinking if you want your organization to support it).
  • Clear and straightforward cybersecurity recruiting advice that will instantly put you ahead of all the other organizations desperately trying to fill their own open positions.
  • The real truth about the cybersecurity talent crisis that may be hard for you to swallow.
  • An almost foolproof way to discover the EXACT cybersecurity talent gaps present in your team right now (and get a crystal clear picture of precisely who you need to hire next).
  • The often overlooked difference between planning and operations that can catastrophically undermine the effectiveness of your entire security team.
  • 3 things you must do if you want to eliminate your cybersecurity talent problems forever.
  • How to correctly use the NIST CSF and Cybersecurity Workforce Framework when you’re planning your cybersecurity team’s daily tasks.
  • A very simple tactic to figure out why you’re REALLY short of cybersecurity staff (and the great myth that got you there).
  • Why your team should be the LAST place to go to figure out what’s missing from your cybersecurity talent pool.
  • How not to be seduced by security certifications.
  • The secret truth about the sexiest and most sought-after cybersecurity positions that job-seekers don’t want you to know.
  • A very important (but almost unknown) “trick” which will help you evaluate the true RELEVANCE of a candidate’s security certifications when they apply for a job.
  • The often unrecognized and underestimated problem with security activities being performed outside of a formalized security function.
  • How to ethically “rig” the interview process so that you’re sure you’re hiring the right person for the job. 
  • The “worst case scenario” of what happens when you promote the wrong type of person to a leadership position.
  • The greatest secret of the security profession that, when you discover it, will make you finally appreciate why filling cybersecurity positions is so hard (and the unfortunate fact that is unlikely to make it any easier in the near future).
  • A clear and succinct introduction to the SABSA® security framework that might challenge what you think you already know about it.
  • Why it’s so important to correctly understand the true role of security operations that even experienced security professionals get wrong (and how this impacts not only who you hire but the overall effectiveness of your entire cybersecurity program).
  • The single – but surprising – thing that may be missing in your security organization (and a complete description of how to fill that gap you start using immediately).
  • Yet one more example of why widely-recognized “best practice” often falls short when you actually try to put it to work for you.
  • A simple little tip that can dramatically simplify the structure of your security team (and the way you hire them).
  • How to provide your team with an awesome cybersecurity career path (even when you don’t have a lot of people).
  • The 17 critical roles required to successfully apply and adopt the SABSA® security framework.
  • An easy, 3 step process you can use ANY time you need to diagnose performance problems in your team.
  • How you can ethically and practically give your cybersecurity hiring problems to someone else (and it’s probably not who you’re thinking of right now).
  • The truth of the “cybersecurity commando” (and the ONE question you need to answer if you think you need them).
  • Potential danger signs lurking behind a candidate’s security certifications.
  • How “spray and pray” gets in your way when looking for security talent.
  • The 3 LEAST understood titles in the cybersecurity job market (and some tips for clearing up the confusion).
  • How to find the EXACT skills and activities you need to include in your cybersecurity job descriptions.
  • What security professionals and palm trees have in common.
  • An eye-popping demonstration of why you’re really STRUGGLING to implement cybersecurity “best practice” in your organization.
  • The 50% of cybersecurity work roles you can SAFELY ignore when hiring security professionals (and which ones you should focus on instead).
  • And many more...

This newsletter is chock-full of advice and actions you can take TODAY to solve the talent problems you have in your team RIGHT NOW and at any point in the future. This is unique advice you won't see anywhere else, and it's based on 25 years helping security leaders transform their security programs to be more effective and more aligned with what their organization really needs.

It's yours absolutely free when you type your primary email address into the box below:

Or, you can always just go to the website and read some examples of the kind of security leadership tips I'm talking about on the blog. We'll be here in case you change your mind.