Today’s another holiday here in the Northeast of Brazil. I mentioned how the whole month of June is kinda one big holiday anyway, but today is one of the specific days honoring a specific saint. In the past, the farmers gave thanks to São Pedro (St. Peter) for the rain. Today, St. Peter is doing his job because right now, as I write this email, it’s pouring outside!
Like the Dia de São João (Day of St. John), there’s also typically more traditional square dancing called the quadrilha.
When I told you briefly about this before, I didn’t really get into the story (which is relevant to the email as you’ll see in a minute). The dance tells the story of a young couple in a small farming village. It’s a story you might’ve heard before:
Guy meets girl.
Girl gets pregnant.
Guy runs away.
Girl’s father gets the town mayor to send soldiers after guy to bring him back.
Soldiers catch guy.
Girl’s father forces guy to marry girl…
…and a massive party ensues with much music, eating, dancing and drinking!
Of course, right? But hey…it’s Brazil, so they don’t like to miss an opportunity for a good party.
So watching this and thinking about it while I was pulling together information about the kinds of challenges I’ve addressed with clients as part of the Effective Security Leadership Coaching program in the past (here’s the link: https://securityleadershipcoaching.com),
…it kinda dawned on me how – without taking the analogy too far – that story is a lot like some of the stories I’ve heard from people having problems either finding…or filling…cybersecurity positions:
It’s kinda like a marriage.
And sometimes, it’s even done almost at gunpoint—depending on whether it’s the “gun” of a shockingly-high salary or the “gun” of the nameless bad guys out there “forcing” CISOs to hire crackerjack cybersecurity professionals in a hurry so they think they’ve a better chance of holding off the inevitable breach for just a little longer.
The point here is that, like the story, there’s quite a bit of pressure involved—even before you add in the whole “skill shortage” issue everyone’s all worked up about.
And the outcomes can be very similar too: while there are exceptions, getting married under pressure isn’t exactly the best way to hedge your bets for a long and rewarding marriage any more than hiring (or taking) a job under any kind of duress—even if that duress comes in the form of a lot of zeros and seems like the most fantastic idea you’ve ever heard.
But isn’t that really what a lot of security leaders are trying to do?
Based on the conversations I’ve seen recently on LinkedIn, the research I’ve been doing for something you’ll hear about in a few days, and private conversations with other security professionals, the current approach to hiring just isn’t working.
Whether it’s the quest for someone with 90 years of experience in blockchain AI threat hunting on the dark IoT (the unicorn)…
…or the refrain “they’re just not out there” when people try – and fail – to find the mythical cybersecurity unicorn that can do everything from security strategy to decompiling a malware sample to study the way it manipulates memory registers…
Here again is the refrain you’ve heard me say before: we need to change our approach.
And helping you execute that change in approach is EXACTLY what I do with my coaching clients.
The reality is there’s no skills shortage. It’s a myth. It’s a “big lie” because…
We really don’t know WHO we need (even when we think we do because we’re following frameworks and “best practice”).
We just can’t write a job description to save our industry.
…and in failing to do that, we’re missing the chance to pick up some pretty bright people with some pretty specialized skills…
…and we’re ALSO creating pressure on the profession itself to strive to BECOME that unicorn that get’s so much money, is so cool that everyone stares at them in awe and speaks their name in hushed voices at conferences…
…that we’re creating a bigger problem than we already have by forcing that “skills shortage” we’re all bitching about through our own emphasis on the security operations skills vs. building a balanced security program.
Sorry. Got a bit carried away there for a minute.
But if you’re just as frustrated as I am with the recruiting results you’re having and how those ultimately drive the balance of your security activities, then I think – maybe – I can help you solve this problem—along with potentially a good few others.
The thing is: I won’t know until we can have a conversation.
Maybe the Effective Security Leadership Coaching Program just isn’t right for you…
…but if it is…
Wouldn’t you like to see how much better your team might be?
To book a time where we can talk about it, just go to the following link before 11:59pm on the 5th of July:
If you’re a good fit, you can save some big money – nearly $7,000 – and snag one of the small number of open slots in the program.
If you’re not, well…
Happy unicorn hunting.
Andrew S. Townley
Archistry Chief Executive