The cybersecurity job market continues to evolve as regulatory complexity increases, technology advances, and organizations rethink how they build and retain cybersecurity talent. In a recent LinkedIn Live, Deidre Diamond, Founder and CEO of CyberSN, and Brian Correia, Director at SANS | GIAC, unpacked key findings from their respective cybersecurity workforce reports to better understand what’s driving cyber hiring and retention strategies in 2025.
The discussion drew on insights from the CyberSN U.S. Cybersecurity Job Posting Data Report 2025 and the 2025 SANS Global Cybersecurity Workforce Research Report, revealing a shared shift in focus: from quickly filling open cyber roles to now building cyber teams with the right skillset and investing in the development of current employees.
CyberSN’s latest U.S. Cybersecurity Job Posting Data Report highlights areas of renewed demand for cyber talent, driven by regulatory requirements, shifting workforce strategies, a growing emphasis on governance, risk, and compliance (GRC) expertise, and the need to fill cyber capability gaps.
For the past three years, Security Engineer and Security Analyst functional roles have consistently had the highest number of job postings in cybersecurity. However, both roles continue to experience year-over-year declines. While these roles saw drops from 2022 to 2024, the rate of decrease has slowed, suggesting a potential stabilization in hiring demand:
Security Engineer
Security Analyst
“It’s no surprise that Security Engineers and Analysts remain the top two cybersecurity roles, as they are the backbone of cyber teams, with more professionals in these positions than any other. They’re also feeder roles into leadership, making their decline a long-term risk for the industry,” said Diamond.
Top 10 Cybersecurity Functional Roles with the Most Job Postings in 2024:
Cybersecurity/Privacy Attorney roles surged by 40.74% in 2024, driven by increased regulatory pressures such as SEC breach reporting mandates and evolving privacy laws.
Top 10 Cybersecurity Functional Roles That Increased in 2024:
“This spike is a direct reflection of how regulatory changes are shaping hiring practices,” Deidre noted. “From the SEC’s new breach reporting mandates to evolving privacy laws, organizations need legal expertise embedded in their security teams.”
Brian added that this trend aligns with what SANS is seeing globally. “New regulations like NIS2 and DORA are influencing how organizations hire, not just adding legal roles but demanding technical staff who understand compliance implications,” he said.
One of the clearest takeaways from the SANS Report is that organizations are now prioritizing skill fit over hitting raw hiring numbers. For the first time, more respondents cited “not having the right staff” (52%) as a bigger challenge than “not enough staff” (48%).
“This is a fundamental shift,” said Brian. “Hiring used to be about filling seats. Now it’s about verifying skills and making sure people can actually do the work needed.”
Deidre emphasized this point: “Organizations are mapping cyber capabilities across their teams and realizing it’s not about hiring more, it’s about building smarter.”
Both reports highlight a growing reliance on internal development and upskilling plans and strategies. The SANS Report found that, “55% of organizations now maintain formalized cybersecurity training programs, and 51% are prioritizing upskilling their current cyber workforce over hiring externally.”
“This isn’t just a retention tactic,” Brian explained. “It’s about survival. The organizations that thrive will be the ones investing in their people.” Deidre echoed this with a warning: “If you don’t invest in internal development, you’ll see burnout, stagnation, and ultimately failure. We’re seeing this clearly in the data.”
Automation and AI are transforming cybersecurity operations, and with them, the cyber skillsets required to succeed. “AI isn’t replacing cyber professionals, instead, it is shifting what we need from them,” said Brian. “We’re seeing demand for people who can work alongside automation tools and orchestrate complex environments.”
Deidre added: “These shifts, combined with the surge in regulatory requirements, are forcing organizations to make cyber workforce planning a board-level conversation.”
The conversation between Deidre and Brian made it clear: building tomorrow’s cybersecurity team requires more than headcount. It requires:
“We’re at a turning point,” said Deidre. “Cybersecurity workforce planning can no longer be reactive; it must be deliberate, strategic, and grounded in real data.”
For a deeper dive into the cybersecurity job market and insights on building a better cyber workforce strategy, watch the full conversation between Deidre Diamond and Brian Correia.
Learn more about how CyberSN can help you find, retain, and develop the right cybersecurity talent for your organization.
As cybersecurity teams face increasing demands in 2025, security leaders are struggling to balance limited cyber budgets, high workloads, and talent burnout. Many organizations lack the necessary visibility into workforce distribution, making it difficult to allocate tasks effectively and secure leadership buy-in for additional resources.
In a recent LinkedIn Live webinar, CyberSN Founder & CEO Deidre Diamond was joined by Carriag Stanwyck, VP, Head of Global Cybersecurity and Compliance, and Kelly Haydu, VP, Information Security, Technology & Enterprise Applications, to discuss how security leaders can optimize their cybersecurity workforce, improve operational efficiency, and secure executive buy-in through data-driven cybersecurity workforce planning strategies.
Many security leaders struggle with gaining visibility into their team's workload, making it difficult to distribute tasks effectively and prevent burnout. Without real-time tracking, cybersecurity job responsibilities often become unevenly assigned, leading to overwhelmed employees and operational inefficiencies. Kelly said, “If you don’t know what your staff is working on and there’s a retention risk there, where’s the business continuity for that person? If they’re working on a bunch of different things that you don’t even know about, that’s a risk to the business.”
By visualizing cybersecurity talent utilization, workload distribution, and cyber capabilities, organizations can ensure that responsibilities are assigned evenly and prevent team burnout before it becomes a bigger issue. “If we had better insight into what people were working on, we could take preventative action before someone gets burned out or disengaged,” said Carriag. Implementing real-time job documentation helps track daily tasks, identify disengaged employees, and reallocate tasks based on skillsets without requiring additional hires.
When communicating cybersecurity staffing needs to executive leadership, security leaders often struggle to justify additional hires and are told that their cyber talent budget is like “whack-a-mole.” As Deidre noted, “Workforce risk is one of the top two business risks companies face, and yet it’s still not measured properly.” Without clear visibility into workload and gaps, headcount requests can be dismissed.
Carriag emphasized the power of data to shift leadership perspectives: “When we can show executives the actual workload, the inefficiencies, and the gaps in coverage, they start to understand why we need additional staff.” Real-time job documentation and cyber workforce planning tools enable leaders to visualize operational strain and present staffing needs with credibility.
Before organizations can align talent to their cybersecurity strategy, they must understand how their cyber team is currently being utilized. Job titles alone don’t reveal what cyber tasks are being performed, where time is going, or where gaps exist. By visualizing talent utilization alongside cyber capabilities, security leaders gain the clarity needed to reassign work, upskill team members, and reduce cyber risk.
Organizational capability mapping builds on this visibility, allowing leaders to align current cyber talent to both short- and long-term security goals. As Deidre noted, "Without capability mapping, security teams struggle to mature. If you don’t understand your team’s strengths and gaps, you can’t build an effective long-term security strategy."
With cybersecurity workforce challenges on the rise, cybersecurity leaders must adopt proactive workforce planning strategies to stay ahead. By documenting and updating job responsibilities, organizations can reduce burnout, improve talent retention, and optimize workforce efficiency.
For more insights, watch the full webinar here.
Learn more about how our Cyber Workforce Risk Management service empowers organizations to align cybersecurity talent with their security strategy, mitigate cyber risk, and plan for long-term success.
This document presents findings from a live poll conducted during RSA 2025 Learning LAB3-M05, "Building Resilience: CISO Skills Development and Burnout Prevention", facilitated by Deidre Diamond, Founder and CEO of CyberSN and Founder of Secure Diversity, and Peter Coroneos, Founder of Cybermindz.org.
The poll collected real-time responses from 70 cybersecurity leaders, revealing the hidden stressors, burnout risks, and leadership challenges impacting our industry today.
“Burnout isn’t a personal failing, it’s a workforce risk. When leaders are overwhelmed, the whole organization is at risk. Our protectors need protection.”
— Deidre Diamond, Founder and CEO, CyberSN, and Founder, Secure Diversity
“We can’t wait for culture to change before we act. The stress is here now. The solution starts with small, human-centered interventions—and it starts with leadership.”
— Peter Coroneos, Founder, Cybermindz.org
Q: What best describes your current role?

Our survey respondents predominantly hold senior positions, with 54% serving as CISOs or Heads of Security and another 34% in director or manager-level roles. This indicates that our data primarily reflects the experiences of decision-makers with significant responsibility for organizational security postures.
Q: How many years of leadership experience do you have in cybersecurity or adjacent fields?

The cybersecurity leadership community surveyed is highly experienced, with 58% having 8 or more years of leadership experience. Only 22% have less than 4 years of experience, suggesting that burnout issues affect even the most seasoned professionals in the field.
Q: How would you rate your current level of burnout risk? (Think: Emotional depletion, disengagement, self doubt in role) Single-choice scale (1 to 5)

The majority of cybersecurity leaders report signs of burnout, with nearly half (46%) experiencing noticeable fatigue and another 17% showing frequent symptoms of high stress. Just 4% say they feel energized and thriving, pointing to a troubling lack of well-being at the leadership level.
These results underscore how common burnout has become among security leaders. Operating under chronic stress appears to be the norm, posing serious risks to both individual health and organizational resilience. When leadership operates with diminished capacity, it can affect decision-making, team performance, and the ability to manage cyber risk effectively.
Q: From this list, what are the main challenges impacting your individual stress levels? (Select ALL that apply to you)

The poll identified information overload as the leading source of stress, with 67% of respondents reporting fatigue from constant alerts, emails, and communications. This technological overwhelm is closely followed by shifting priorities (64%), creating an environment of perpetual urgency and context switching that drains mental resources.
Structural issues within organizations also significantly contribute to burnout, with manager burnout from understaffing (51%), inability to upskill (49%), and economic pressures from layoffs and budget cuts (47%) rounding out the top five stressors. These findings highlight how organizational communication directly impacts the well-being of security leaders.

Cybersecurity leaders are not facing isolated challenges—they are navigating what Peter Coroneos describes as “stacked stressors”: multiple, overlapping demands that compound mental and emotional strain. Based on the RSA 2025 poll, each respondent selected an average of 7.64 out of 21 possible stressors, confirming that burnout in the sector is driven by an accumulation of stress factors rather than a single pressure point.
From constant digital communication and shifting priorities to understaffing and limited opportunities for upskilling, the data reflects a workforce stretched across too many fronts. Addressing these stacked stressors requires both systemic change and immediate interventions to protect the mental wellbeing of those charged with defending our digital world.
Communication Overload (“Alert Fatigue”) – 67%
"I asked the room to define alert fatigue. I assumed they meant SIEM or SOC alerts. Instead, they were talking about internal communication: email, Slack, Teams, Jira, WhatsApp, and project tools. While I was extremely surprised by this response, I knew this was a stressor; I just didn't think it would be in the top 5 of stressors. I am feeling bittersweet about it. I know how much of a problem this is. It seems easier to solve than the ever-growing attack surface challenge, and yet, if it were easy, it would already be solved.
This tells me that this isn't a tooling issue, it's company culture. We need communication training, clear policies, and procedures. For example: What should be a phone call vs. an email and what are the response time expectations? The current chaos is triggering our neural pathways nonstop. It's not healthy, and we must solve it."
Priority Conflicts and Constant Change – 64%
“This one wasn't surprising. With two-plus years of economic chaos, change is more constant than ever. Change of strategy, change of financial situations, change of roles and responsibilities, change in leadership, change of business operation locations and timezones have all led to constant change of priorities and policies. Thus, causing severe disruption.”
Understaffing and Burned Out Managers – 51%
“After two-plus years of downsizing and budget freezes, leaders are stretched thin. Combine that with the top two stressors: communication and priorities, and it’s no surprise 63% of respondents report signs of burnout. This is a capacity crisis.”
No Time for Upskilling – 49%
“Upskilling sounds great in theory, yet when we are buried in reactive communication and never caught up, who is going to have the time to be trained? We are constantly behind—how do we carve out the time, or even the mental clarity, to learn? We don't, and that stunts both personal growth and organizational agility.”
Layoffs, Budget Cuts, and Outsourcing – 49%
“Layoffs don’t just affect those who leave. Those who stay experience anxiety, survivor’s guilt, and more work. And often, no one talks about it. That silence magnifies the stress.”
Toxic Culture – 44%
“It breaks my heart that nearly half of the room said they’re navigating toxic cultures. The word toxic means poisonous or very harmful or unpleasant in a pervasive or insidious way. It’s a massive vulnerability when our defenders are being harmed by their own environments. Our protectors having to deal with toxic cultures is an oxymoron in itself and the strongest of vulnerabilities we face.
To think that this stressor wasn't in the top five and was in the number seven spot just goes to show how much workload and workload-related communication are hurting us—even more than toxic culture itself. Toxic cultures being ranked number seven versus in the top two may be because we have moved to a mainly remote workforce culture and therefore handling toxic cultures is easier than handling operational communication.”
Creating a healthy communication culture and having clear roles and responsibilities isn't just a people issue—it's a cybersecurity challenge. When our protectors are overwhelmed, the entire organization is vulnerable.
Build a positive security culture and learn more about CyberSN's Cyber Workforce Risk Management Program.
The cybersecurity job market is evolving and so are salary ranges. The 2025 Cybersecurity Salary Data Report delivers up-to-date salary ranges across all 45 functional cybersecurity roles in the U.S., helping employers and professionals make informed decisions.
Download the report to guide hiring, benchmark compensation, and understand where the cybersecurity market is headed.
In honor of Women’s History Month, we hosted the LinkedIn Live, DEI Activists Discuss New and Old Obstacles for the Cybersecurity Industry. The discussion brought together Deidre Diamond, Founder and CEO of CyberSN, Stacey Champagne, Founder & CEO of Hacker in Heels, Amy Bogac, Chief Information Security Officer at Baker Tilly US, and Juliet Okafor, Founder & CEO of RevolutionCyber. These leaders discussed the evolving challenges facing diversity, equity, and inclusion (DEI) initiatives within the cybersecurity sector and explored actionable strategies to navigate these hurdles.
The cybersecurity industry has made strides in diversity, equity, and inclusion, but progress remains fragile. “Women only comprise 22% of the cybersecurity workforce”, according to an ISC2 Study. As corporate priorities shift and public scrutiny grows, many DEI efforts are being questioned, slowed, or sidelined altogether. Deidre’s recent LinkedIn poll revealed that, “57% think the recent elimination of DEI programs will negatively affect your career.”
Juliet highlighted this regression, noting, "It feels like we’re back in the days of being told to wait our turn. We’re seeing the rolling back of DEI programs even as the need for them increases."
Organizational policies significantly influence workplace culture. Recent shifts have posed challenges for DEI efforts, calling for adaptive strategies to maintain inclusive environments. Amy observed, "A return to the office has amplified microaggressions and isolation for many,” adding that, “when DEI isn’t part of the cultural fabric, those tensions surface quickly."
Deidre reinforced this point, noting, “When leaders show up with empathy and curiosity, that’s when we see people feel safe, seen, and able to do their best work.” Addressing these issues requires intentional efforts to foster an environment where all employees feel valued and included.
The underrepresentation of women in cybersecurity leadership roles remains a pressing concern. According to WiCyS, 2024 Annual Report, “women hit a glass ceiling at the 6-10 year mark in their careers.” Meanwhile, according to an ISC2 Study, “women are also struggling to fully be themselves at work. More than one-third of respondents (36%) felt that they could not be authentic at work (compared to 29% of men), while 29% felt that they were discriminated against in the workplace (compared to 19% of men).”
Stacey emphasized the need for systemic change, stating, "We can’t fix diversity gaps by just checking boxes, we need to disrupt the pipeline and build it differently. That means creating programs and paths designed by women, for women." Initiatives like Hacker in Heels aim to create tailored pathways for women to enter and excel in cybersecurity careers.
Deidre highlights the link between DEI and cybersecurity effectiveness: "DEI and cybersecurity are connected. Team well-being impacts risk posture. We need inclusive, healthy teams to stay ahead of evolving threats." Fostering diversity and inclusion isn’t just about values, it’s a critical strategy for strengthening organizational resilience and performance. That is why we partnered with Cyversity, to advance diversity and inclusion within the cybersecurity industry, from entry-level positions to leadership roles.
To navigate the current landscape and reinforce DEI initiatives, organizations can consider the following approaches:
Here are some resources for women in cybersecurity: https://cybersn.com/resources-for-women-in-cybersecurity/
Here are some resources for military veterans in cybersecurity: https://cybersn.com/military-veteran-cybersecurity-resources/
The cybersecurity industry stands at a crossroads where the commitment to DEI is more critical than ever. By understanding the challenges, implementing actionable strategies, and drawing inspiration from leaders like Deidre, Stacey, Amy, and Juliet, organizations can navigate these obstacles and foster a more inclusive and effective cybersecurity workforce. For more insights, you can watch the full webinar recording here: DEI Activists Discuss New and Old Obstacles for the Cybersecurity Industry.
For support in building a diverse cyber talent program, learn more about how CyberSN can help.
Uncover what is happening in the cybersecurity talent market with insights from three years of U.S. cybersecurity job posting data, covering all cybersecurity functional roles. 40% of the top 25 cybersecurity functional roles saw job posting growth in 2024, indicating shifts in hiring priorities.
This report offers insights to help organizations strategically plan hiring efforts while enabling cybersecurity professionals to navigate the evolving cybersecurity job market. Download the report to explore emerging trends, in-demand positions, and roles facing volatility, stability, or decline.
Author: Deidre Diamond
The last few years have left us grappling with significant cybersecurity challenges, extending beyond the CVEs, SEC breach reporting, and ransomware attack headlines. Widespread budget cuts, an increase in outsourced talent, layoffs, and full-time roles placed on hold have disrupted operational progress. At the same time, contracting positions have increased, the job-matching system remains broken, and severe burnout continues to take its toll on the cyber workforce. As we enter 2025, it’s clear these hurdles demand resilience, innovative solutions, and revisiting how we simultaneously support the business, cyber operational and strategic progression, and the cybersecurity profession.
Many of you have asked about the current cybersecurity talent landscape and the role of CyberSN’s Cybersecurity Workforce Risk Management Program in addressing these issues; this blog is intended to answer that question.
Workforce risk management has been a cornerstone of my professional career, beginning when I entered the industry shortly after college. My mentor, whom I worked alongside for 21 years across three different organizations, often said, “Our assets go up and down the elevator every day; our job is to care for them.”
“Caring for them” started with knowing what we expected out of people and clearly defining measurable agreements of tasks and projects, with daily, weekly and monthly reporting for each of my direct reports, while also being an individual contributor. This was the foundation of operational success and high-achieving teams. Is this easy to do? No. Absolutely not. Is it harder in this day and age? Yes, absolutely. Hard is just hard, not impossible; we all do hard things all the time. We can manage our team's focus to this detail today, I promise, and I have proof.
Consider these findings as further persuasion of the problem: “83% of IT security professionals admit that they or someone in their department has made errors due to burnout, resulting in a security breach—39% having witnessed this more than once” (Source: Devo and Wakefield Research, Sept 2023). Additionally, “59% of security professionals are suffering from burnout, ultimately impacting job performance and weakening cyber defenses during a skills shortage” (Source: CyberArk, Nov 2023).
Any one of the above challenges increases the overall risk of an organization to significant levels. So, let's do something about it!
The foundation starts with a common language for cybersecurity roles and responsibilities. CyberSN created a cybersecurity job taxonomy 8 years ago. This taxonomy is at the core of our solution to cyber workforce risk. The link between workload management and security is clear: mistakes by cybersecurity professionals are being made, through no fault of their own. They are overworked, wearing too many hats, undervalued, misunderstood, and viewed as a cost. This, coupled with the relentless fight against adversaries and an ever-growing attack surface, has led to widespread cybersecurity burnout, little advancement in repeatability and automation of mindless tasks, and rising organizational risk.
CyberSN Platform and Service are addressing these challenges:
1. Talent Utilization: Documentation, Visualization, and Updating: We document and provide visualization of how each employee is being utilized, leveraging the CyberSN Platform. Managers are able to keep their employees' job descriptions continuously updated to reflect how the organization is currently using their time. This clarity provides cybersecurity leaders with a real-time view of workload distribution, enabling better workload management and offering a way, through CyberSN’s Platform, to align job descriptions with cyber capabilities. With this transparency and visualization, roles can be updated, cyber department capabilities tracked, and objectives aligned.

2. Organizational Capability Mapping and Visualization: By mapping individual roles to a structured organizational capabilities framework, cybersecurity leaders gain the insights needed to identify gaps, evaluate strengths, and align cyber talent with their overall security strategy. This approach serves as a foundation for developing strategic roadmaps, refining priorities, addressing critical capability gaps, and ensuring efficient program execution. It empowers cybersecurity leaders to foster team growth while driving measurable progress toward current and future security objectives.

3. Aligning Career Aspirations with Workload Management: By documenting tasks and projects directly with each employee and discussing how they enjoy what they are doing daily, we are able to have career discussions that can be taken into account for organizational planning while also giving career planning support to employees. This information, captured in the CyberSN Platform, enables managers to create a culture of professional efficacy with their employees while also enhancing productivity and cybersecurity talent retention and reducing organizational risks.

In closing, I need to say the well-being of the cybersecurity community is our greatest risk and we can no longer ignore it or assume leaving organizations will make things better—it won’t. As managers (anyone can be a leader, but being a manager means taking responsibility for a team’s workload) and as the leaders of our teams, we must implement programs that are both visible and effective. When we do, we can communicate effectively, truly lower our organizational risk and provide professional efficacy to our talent.
Without a cybersecurity workforce risk management program, these very serious challenges will persist. At CyberSN, we’re addressing these challenges by equipping cybersecurity leaders with the insights and tools needed to manage workloads and cybersecurity talent effectively. Spreadsheets alone can’t capture the value of your talent or justify the cybersecurity budget you need. With the right tools and data-driven insights, you can build and retain a cybersecurity workforce that enhances both performance and security while securing executive buy-in.
To further enhance workforce efficiencies, we have officially expanded our taxonomy in 2025 to include IT, recognizing the vital interplay between cybersecurity and IT teams. Both teams rely on each other to operate effectively, and this expanded taxonomy will provide IT leaders with the same insights and solutions across critical IT categories, including:
We can impact our biggest vulnerability. Reach out anytime as we are here to support the community. To learn more about our cybersecurity and IT workforce risk management programs, get in touch here.
As we approach 2025, businesses face a rapidly evolving cyber threat landscape. From ransomware to AI-driven threats, organizations must adopt strategies that address both technical and workforce vulnerabilities. Deidre Diamond, Founder and CEO of CyberSN, stresses the importance of integrating workforce well-being into cybersecurity planning to stay ahead of emerging threats.
Ransomware exploits vulnerabilities such as misconfigurations and human error, but burnout among cyber teams is an often-overlooked risk. Devo’s survey revealed that, “83% of cybersecurity professionals have experienced burnout, leading to errors that resulted in security breaches.” A mentally fatigued team is more likely to miss early warning signs, is more prone to errors, and struggles to execute a well-defined recovery process, contributing to the damage of an attack.
To mitigate ransomware risks, leaders must combine traditional defenses (e.g., MFA and attack surface monitoring) with a focus on cyber workforce risk management. Prioritizing work-life balance, optimizing workloads, and fostering career growth can significantly reduce burnout and enhance team resilience.
Effective recovery requires viewing workforce risks as part of attack surface management. Building a holistic view of team capabilities and gaps ensures cyber teams are better equipped to respond quickly and decisively. This continuous process reduces long-term impacts and strengthens organizational resilience.

We are partnered with Cybermindz to support leaders in post-breach care. This solution extends the effectiveness of cyber management through personalized mentoring and offering rapid post-breach trauma recovery support to ensure teams maintain performance under pressure.
AI brings both risks and opportunities. Threats like AI-driven phishing and deepfake attacks are rising, but AI also serves as a powerful tool for security teams. By automating repetitive tasks, improving repeatability, and enabling scalability, AI can enhance cybersecurity maturity while reducing human workload pressures and burnout.
To prepare for 2025, organizations must treat cyber workforce well-being as a core component of their cybersecurity strategy. By addressing both technical vulnerabilities and human factors, businesses can strengthen their defenses and ensure resilience in an increasingly complex threat environment.
Contact us to reduce your cyber risk by identifying talent gaps and empowering, engaging, and retaining your cybersecurity professionals.
Cybersecurity leaders often face a tough balancing act: protecting their organization from risks while managing tight budgets and limited resources. These pressures can lead to overworked cybersecurity teams, missed deadlines, and an increased risk of cybersecurity burnout.
In our recent webinar, Deidre Diamond, Founder and CEO of CyberSN, and Dan Garcia, Chief Information Security Officer at EDB, shared strategies for overcoming these challenges by leveraging cybersecurity contractors. Their discussion demonstrates how contractors can enhance team performance, save costs, and help organizations achieve their goals more efficiently.
As Deidre pointed out, this pressure is unsustainable: “CISOs are expected to do more with less, which leaves teams stretched too thin to handle both daily operations and strategic projects.”
Dan shared how this reality impacted his team. The constant need to address immediate threats left little room for proactive planning. Bringing in contractors provided relief, allowing his team to refocus on core priorities without compromising security.
Cybersecurity contractors offer a unique opportunity for cybersecurity teams to scale efficiently. Their specialized skills and ability to hit the ground running make them a practical solution for urgent needs.
For Dan’s team, contractors proved essential to meeting deadlines: “We had critical projects that couldn’t wait for the lengthy process of onboarding full-time employees. Contractors delivered the expertise we needed right away.”
One major advantage of contractors is their ability to work under a Statement of Work (SOW). These arrangements define clear goals, deliverables, and timelines, ensuring projects are highly focused and measurable. Dan emphasized this benefit, stating, “With SOW contractors, the goals were super detailed, and we could feel the progress and completion of each project. This clarity kept the team aligned and made it easy to track success.”
Deidre emphasized this, highlighting how SOW-based projects allow teams to accomplish critical objectives without overextending full-time staff: “The defined scope of work ensures everyone knows what to expect, and the measurable outcomes provide a sense of achievement when completed.”
In addition to defined project outcomes, Dan highlighted the financial flexibility contractors provided: “We could scale up or down as needed, allowing us to prioritize critical projects without overspending. It gave us much-needed control over our resources.” This financial flexibility ensures organizations can achieve their goals without exceeding their budgets.
This project-focused approach, combined with the flexibility contractors offer, allows organizations to adapt to evolving business needs while maintaining high standards of efficiency and accountability.
Another advantage of contractors is their cost-effectiveness compared to consulting firms. While consulting firms can deliver value, they often come with a hefty price tag and less flexibility. “Contractors integrate directly into your team, providing the expertise you need without the overhead of a consulting firm,” Deidre explained.
In addition to cost savings, hiring cybersecurity contractors offers greater control over the process of building your team. Unlike consulting firms, where you are often assigned a designated resource with little say in who that person is, contractors allow organizations to handpick individuals with the specific expertise they need. This approach ensures the person aligns well with both the project requirements and the organization's culture.
One of the long-term benefits of hiring contractors is the ability to convert them into full-time team members. For organizations looking to build their teams strategically, this can be a low-risk way to evaluate talent before making a permanent commitment.
“When you find a contractor who aligns with your culture and goals, transitioning them to a full-time role is seamless,” Deidre noted. Contractors who prove their value during short-term engagements can quickly become key contributors to a team’s success.
Dan shared his experience of successfully converting a contractor to a full-time role: “We brought in a contractor for a critical project, and their impact was undeniable. By the time the project wrapped up, it was clear they were a perfect fit for our team and we transitioned them to a permanent position without hesitation.”
This approach not only ensures the right fit but also accelerates the onboarding process, as the contractor is already familiar with the organization’s culture and goals.
Whether addressing short-term security challenges or filling long-term talent gaps, cyber contractors provide the flexibility and expertise organizations need to thrive. Their ability to quickly integrate into teams ensures critical projects are completed efficiently and on time, helping organizations achieve their goals without overburdening existing staff.
At CyberSN, we help cybersecurity leaders determine when to leverage contractors or Statement of Work (SOW) agreements versus hiring full-time employees, based on their unique needs and budgets. We also prioritize the well-being of our contractors by offering benefits such as healthcare, paid vacation, career training, and access to industry events—fostering satisfaction for both contractors and clients.
Learn more about how our staff augmentation solutions can empower your team and take critical projects off your plate.
Discover the latest trends in cybersecurity job postings with the CyberSN Mid-Year Report 2024. Explore how hiring patterns, job functions, and demand for specific cybersecurity roles have evolved this year.
As we celebrate our 10-year anniversary, we extend our heartfelt thanks to the cyber community of clients, candidates, partners, and everyone who works tirelessly to protect us. Our love and respect for you is enormous, and we are here, working every day to protect and support you. Here’s to the next decade of empowering cybersecurity professionals and safeguarding our digital world.
CyberSN reflects on a decade of empowering cybersecurity professionals and leaders to build their careers and develop resilient teams. Founded in September 2014, CyberSN has been at the forefront of cybersecurity workforce solutions to enhance talent diversification, acquisition, development, and retention while creating operational efficiencies for maturing security practices. Powered by the CyberSN Taxonomy and Platform, CyberSN aligns cybersecurity professionals with the needs of the industry, bolstering national and organizational security.
CyberSN’s ability to retain its talent is a testament to the culture of resilience, support, and commitment that defines our company. We are especially proud to acknowledge the dedication of team members who have been with us from the very beginning and continue to shape our success today: Dawn Saez, CyberSN's first hire; Dom Glavach, our Chief Technology and Security Officer, and Erik Ligda, Director of Product, who created our CyberSN Taxonomy and led our platform's vision alongside our Founder, Deidre Diamond. Deborah Maggio leads our finance and HR Operations, and Travis Monson leads our Recruiting Department. If you know our Founder, then you know that from day one she has led our sales and services strategy; she is a force of nature. These individuals and the amazing teammates who have joined over the years are committed to the mission, vision and values of CyberSN.
CyberSN’s mission has always been clear: to make job searching and talent matching simple. Our vision has always been to create a cyber workforce platform that empowers cybersecurity leaders to successfully hire, develop, retain, and manage both their talent and organizational capabilities. Today we live in this vision and we are committed to securing the mental health and resilience of cybersecurity teams with our workforce risk management solutions and partnerships.
Deidre Diamond, Founder and CEO of CyberSN, shares, “It's a marathon, not a race. Building something that lasts requires commitment and the determination to never give up. I've occupied the fascinating role of a corporate athlete for 30 years now, and CyberSN has seen great successes over the last decade. As we celebrate our ten-year anniversary, we find ourselves stronger than ever, with a team that has incredible drive. We understand the immense pressure the cyber community is under, and we are dedicated to helping every day. This is what makes the marathon worth it.”
To achieve our mission of simplifying job searching and matching in the cybersecurity industry, we recognized the need for industry standardization, clear role definitions, and precise job matching. This led us to develop the CyberSN Taxonomy, which fosters a shared language between employers and professionals, enhancing mutual understanding and alignment. Built upon and extending the NICE Framework, our taxonomy defines cyber projects and tasks for over 45 functional roles across 10 categories: GRC, defense, product security, education, management, offense, planning, research, response, and sales. Explore the CyberSN Cybersecurity Taxonomy.
Our taxonomy serves as the foundation for all our services and technology, enabling us to deliver unparalleled precision in job matching, talent development, and organizational planning.
In today’s evolving cybersecurity landscape, diverse attackers require diverse defenders, making it crucial to build teams with varied perspectives and experiences. Moreover, burnout is a critical risk, not only to individuals but to organizations, as it can lead to decreased performance, high turnover, and vulnerabilities. Over the past decade, we’ve collaborated with key partners to tackle these challenges and advance our shared mission of building a resilient and diverse workforce.
As we look to the future, CyberSN remains dedicated to innovation, growth, and our unwavering commitment to the cybersecurity community. Our mission continues to evolve as we integrate mental health and workforce workload management into our talent risk management solutions, ensuring that teams are not only operationally supported but also mentally resilient.
Deidre Diamond reflects on this journey: “When we have significantly decreased burnout in the cybersecurity community I will rest. We must get solutions into the hands of security leaders to drive workforce change. As we work toward standardizing a talent risk score through our platform, we aim to help organizations mitigate workforce-related risks while fostering a healthier work environment.”
Get in touch with us to learn more about our solutions to help bridge talent gaps, foster diversity, and enhance team resilience while reducing overall cyber risk.
Early stage companies, particularly those with venture funding, are lucrative targets for ransomware attacks because attackers know that public disclosure of a data breach is often seen as a company-ending event.
Studies show that 43% of all cyber attacks target small businesses, while criminal ransomware gangs are increasingly targeting tech startups for extortion. Sophisticated cyber attackers target tech startups in so-called “supply chain attacks”, in which the smaller company is used as an entry point to attack customers who are larger and more secure.
Early-stage and venture-backed startups face even greater risks from cybersecurity incidents. A data breach can have significant repercussions for a startup, including:
Startups are inherently high-risk. Startup founders are focused, rightly, on the main existential risk: running out of money. Therefore, a startup’s security program should be focused on the following three goals:
Startups operate with tight budgets and they lack dedicated security expertise. When startups scale quickly, their security practices often lag behind their growth. New systems, features, and data flows introduce new risks, which get piled on top of existing risks until the company has accumulated a huge amount of so-called “security debt”.
The challenge then becomes how to “cross the chasm” from an ad-hoc security approach to a security program that’s appropriate to the startup’s size and stage.
At CyberSN, we understand the unique cybersecurity challenges that startups face, especially when transitioning from seed stage to Series A and beyond.
Security consulting firms too often take an all-in, compliance approach that’s heavy on documentation but light on practical implementation. We know you don’t want to invest tens of thousands of dollars just to get a PDF document spelling out all the areas where you already know you fall short.
CyberSN’s Startup Security Program helps early stage companies by providing a custom cybersecurity strategy and right-sized security program, along with expert hands-on implementation by our security experts working as an extension of your team.
By taking a flexible and phased approach, we deliver actionable security solutions that protect your business, support growth, and meet the demands of investors, partners, and customers. With our expertise and tailored program, we enable startups to navigate the cybersecurity landscape confidently, ensuring security becomes a business enabler rather than an obstacle.
Discover our custom cybersecurity programs designed to safeguard your startup from ransomware, data breaches, and supply chain attacks. Get in touch to learn more.
In today’s fast-paced cyber landscape, effective leadership in hiring, organizing, motivating, and retaining cybersecurity staff is more critical than ever. Cyber workforce risks like unfilled jobs, skill gaps, and burnout are on the rise, increasing both organizational and cyber risks. To explore these challenges, CyberSN hosted a webinar featuring a panel of experts: Deidre Diamond, Founder and CEO of CyberSN and Founder of Secure Diversity; Peter Coroneos, Founder of Cybermindz.org; Dom Glavach, Chief Security and Technology Officer at CyberSN; and Chad Loder, VP of Security Solutions at CyberSN. The discussion focused on the human side of cybersecurity, covering topics such as professional efficacy, burnout, trauma, and strategies for building a healthier and more resilient cyber workforce.
Deidre Diamond highlighted the importance of protecting the professionals who safeguard organizations. She emphasized, “If we’re going to retain and develop resilient cyber practices, then we need to understand that the management of that is mental, physical, and work health.”
Peter Coroneos shared the serious issues of burnout within the cybersecurity industry and the significant challenges with satisfaction and retention. “A recent study we did revealed that cybersecurity professionals are burning out faster than frontline healthcare workers,” he noted, emphasizing the urgency of addressing this issue.
A major contributor to cybersecurity workforce risk is the loss of professional efficacy, which refers to an individual's belief in their professional competencies and their ability to perform effectively in their work role. This loss is closely linked to burnout and resignation. Deidre observed that many cybersecurity professionals lack clear metrics to measure their success, leading to feelings of ineffectiveness. Dom Glavach stressed, “Defining success is critical because it’s that first rung in the career ladder. It’s what makes you say, ‘I did something today.’” He also highlighted the importance of clearly defining everyone's roles and responsibilities and establishing measurable agreements for both employees and management. This clarity helps ensure that professionals understand what is expected of them and how they can achieve their goals, fostering a more motivated and effective workforce.
Trauma from cybersecurity incidents, such as breaches, is another significant issue. Peter explained that unresolved emotional energy from such events can lead to long-term psychological issues, affecting both individuals and team morale. He noted that 74% of cybersecurity leaders report that team members are resigning due to the unmanageable stress associated with cyber incidents. “Trauma does not auto-resolve in many cases,” he warned, highlighting the need for proactive intervention. To address this, Cybermindz and CyberSN offer joint solutions from leadership and crisis support to cyber workforce risk management. These initiatives give security leaders a 360 degree view of their cybersecurity teams and extend the effectiveness of cyber management to ensure teams can maintain performance under pressure.
Addressing these challenges requires both organizational action and individual care. Deidre advocated for comprehensive cyber workforce risk management solutions that include mental health support, proper workload management, and a focus on overall well-being. Chad pointed out that some organizations are successfully managing these challenges, suggesting that studying these success stories can help others improve. “There is hope because we can study what those organizations do and say, ‘Let’s emulate that and make programs out of them,’” Loder highlighted.
Prioritizing the mental health and well-being of the cybersecurity workforce is essential for creating healthier, more resilient teams. By focusing on the human side of cybersecurity, leaders can strengthen their organizations and better equip their teams to meet today’s complex challenges. Now is the time to implement strategies that support both the professional efficacy and overall well-being of your cyber professionals, ensuring they are prepared and motivated to protect your organization.
To support your cybersecurity workforce and prevent burnout, get in touch.
The CyberSN and Cybermindz partnership enables organizations to attract, retain, and support skilled cybersecurity talent while maintaining a strong focus on mental health and resilience, leading to more effective cybersecurity teams. Learn more about this partnership.
CyberSN, a leader in cybersecurity workforce risk management, is excited to announce a strategic partnership with Cybermindz.org, a non-profit led by cyber and mental health pioneers, that brings the world’s first peer-informed, military-proven, neuroscience-based, burnout prevention services to cyber teams and beyond. This collaboration is designed to provide comprehensive cybersecurity programs that address the critical need for resilience in cybersecurity, offering targeted solutions for burnout and mental health challenges faced by cybersecurity teams.
In today’s high-stakes environment, cybersecurity professionals are under constant pressure, leading to a significant rise in burnout. A recent survey from Mimecast revealed that 54% of cyber professionals report a decline in mental health due to ransomware threats alone. A 2023 study by Cybermindz found that cybersecurity professionals score higher on the burnout scale than the general population and even frontline health workers. ISACA’s State of Cybersecurity Report highlighted that 43% of cybersecurity professionals leave their jobs due to burnout from relentless high-pressure situations. Additionally, Cynet’s survey revealed that 65% of CISOs admitted that stress and work overload compromise their ability to protect their organizations effectively.
Peter Coroneos, Founder of Cybermindz, emphasizes the importance of mental resilience in cybersecurity: "Our brains are wired to detect physical threats, but in cybersecurity, we're dealing with virtual threats 24/7. This constant state of alertness can significantly strain our mental health." Deidre Diamond, Founder and CEO of CyberSN and Founder of Secure Diversity, adds, "The high levels of burnout in our industry not only affect individual well-being but also compromise overall cybersecurity effectiveness."
To combat burnout in cybersecurity and improve resilience, CyberSN and Cybermindz are offering a holistic approach that integrates both neuroscience-based performance skills and strategic talent management. This partnership aims to reduce burnout-related attrition by up to 50% and enhance mental resilience through tailored cybersecurity programs.
The combined solutions include workforce risk management support, talent optimization, talent acquisition programs, year-long stress reduction and resilience training, and leadership and crisis support, ensuring cybersecurity teams are well-prepared to meet today’s challenges. They empower organizations to attract, retain, and upskill cybersecurity talent while maintaining a strong focus on mental health and resilience.
The partnership between CyberSN and Cybermindz will have a profound impact on the cybersecurity industry at multiple levels. Nationally, it strengthens security infrastructure by ensuring that cybersecurity teams are resilient and mentally supported. Organizationally, it fosters a diverse and sustainable work environment, improving team cohesion, cybersecurity resilience, and talent retention. On a personal level, cybersecurity professionals will benefit from clear roles, upskilling programs, and targeted mental resilience training, helping them manage stress and prevent burnout in cybersecurity.
Deidre Diamond emphasizes, “83% of IT security professionals have experienced burnout, leading to errors that resulted in security breaches. These mistakes are a direct result of burnout and under-resourced teams. This is an organizational issue. Partnering with Cybermindz brings a closed-loop solution that allows organizations to be responsible for their talent’s resiliency and lower their risk profile.”
Peter Coroneos adds, “Our collaboration harnesses the strengths of both organizations to provide comprehensive mental resilience training and burnout prevention strategies. Together, we aim to create a healthier, more sustainable work environment for those on the front lines of cyber defense.”
To further discuss employee burnout solutions and resilience in cybersecurity, get in touch with CyberSN and Cybermindz. Read more insights in our latest blogs on Solutions to Combat Cybersecurity Burnout and The State of Cybersecurity Burnout.
We are thrilled to announce a strategic partnership between CyberSN and Cyversity, aimed at advancing diversity and inclusion within the cybersecurity industry. This collaboration will leverage the strengths of both organizations to foster a more inclusive workforce, from entry-level positions to leadership roles.
At CyberSN, we believe that diverse attackers require diverse defenders. Our commitment to bridging the diversity gap in cybersecurity aligns perfectly with Cyversity’s mission to diversify, educate, and empower.
As Deidre Diamond, our Founder and CEO, says, “Diversity is not just a goal; it’s a necessity for innovation and resilience in cybersecurity. Partnering with Cyversity is beneficial to all of our clients who need to defend against diverse attackers. Cyversity’s programs are for all underrepresented humans, not just gender based. Together, we plan to offer more diverse talent to employers utilizing flexible employment options of capital and operational budgets.”
Through this partnership, CyberSN will offer clients a greater diversity pool of candidates and a comprehensive program for hiring new cybersecurity professionals who have undergone hands-on training through Cyversity. This initiative includes student training programs designed to equip individuals with the skills needed to succeed as contractors or permanent employees in cybersecurity.
Together, we can make a significant impact on the cybersecurity industry by fostering inclusive and diverse environments. Attract, hire, develop, and retain a diverse cybersecurity workforce with CyberSN and Cyversity.
View our diversity staffing solutions across talent matching, contract-to-hire programs, diversity talent pipeline development, and workforce risk management. For support with your diversity talent strategy and sponsorship or donation inquiries for Cyversity, get in touch.
The recent cybersecurity attack on CDK Global, resulting in widespread outages for car dealerships, is yet another reminder that no industry is immune to cyber threats and highlights the significance of Business Continuity Planning (BCP) for the impacted car dealerships. All companies have some form of BCP in place, whether formalized or in progress. Executive teams and CISOs create business continuity plans, train people on them, and test them in preparation, ultimately hoping they never have to formally initiate these plans. Let's delve into the significance of BCP, with a particular focus on the often-overlooked role of cybersecurity staff within this process.
BCP is a fundamental aspect of any organization’s risk management strategy. It ensures that essential functions can continue during and after a disaster, be it natural, technical, or cyber. The CDK Global cybersecurity attack underscores the importance of having a robust BCP that includes technical recovery plans and also provisions for maintaining cybersecurity operations.
In the context of a cybersecurity attack, the immediate focus often falls on restoring systems and data. However, an equally important aspect is the continuity of cybersecurity operations. Cybersecurity teams are on the front lines, defending against cyber threats and mitigating damage. Their expertise and ability to respond swiftly are critical to minimizing the impact of an attack.
While much of BCP focuses on systems, data, and processes, there's a critical component that often gets overlooked: the cybersecurity staff themselves. Including cybersecurity teams in BCP planning is essential for several reasons. First, these professionals possess unique skills and knowledge crucial for responding to cyber incidents. They understand the organization’s security architecture, are familiar with threat landscapes, and can execute response plans effectively. Losing a key team member, even temporarily, can significantly hamper an organization's ability to respond to and recover from a cyber incident.
The continuity of cybersecurity operations relies heavily on the availability and capability of the cybersecurity team. During a cybersecurity attack, cyber staff are responsible for detecting and analyzing the cyber threat, coordinating the response, and implementing recovery measures. Their absence can lead to delays, miscommunication, and potentially more severe consequences.
The departure of a cybersecurity team member, whether planned or unexpected, poses a substantial risk. The knowledge and experience that individuals bring to the table are not easily replaceable. In a field where strong cybersecurity talent is already scarce, finding qualified replacements can be a daunting task.
Succession planning is critical but often insufficient by itself. Organizations must understand the specific tasks and projects each team member handles and develop a comprehensive knowledge transfer strategy. This ensures that critical functions can continue smoothly even if key personnel are unavailable.
When conducting a Business Impact Analysis (BIA) as part of BCP, organizations typically assess the impact and likelihood of various risks. It is imperative to include cybersecurity staff as a critical resource in this process. The risks associated with the absence of key cyber personnel should be evaluated in terms of both impact and likelihood.
CyberSN’s Cyber Workforce Risk Management Solutions can be a valuable resource for organizations looking to manage this risk effectively. Our solutions provide insights into the availability, maturity and readiness of cybersecurity talent, helping organizations to mitigate the impact of staff departures and maintain robust security operations.
The CDK Global cybersecurity attack is a powerful reminder of the need for comprehensive Business Continuity Planning that includes a focus on cybersecurity teams. Ensuring the continuity of cybersecurity operations during an attack is crucial, and the presence of skilled cyber professionals is indispensable. As we navigate an increasingly complex threat landscape, organizations must proactively prioritize the integration of cyber staff into their BCP and leverage solutions like CyberSN’s workforce risk management to maintain a resilient security posture.
For more information on how to manage workforce risks in your cybersecurity team, view CyberSN’s Workforce Risk Management Solution.
To observe Mental Health Awareness Month, CyberSN partnered with Devo and Cybermindz.org for a panel discussion about the mental health challenges facing cybersecurity professionals and solutions for overcoming stress, anxiety, and burnout. This insightful discussion featured CyberSN’s Founder and CEO Deidre Diamond, Devo’s CISO Kayla Williams, and Cybermindz.org’s Founder Peter Coroneos. We will highlight the key insights from the discussion, starting with the significant impact of burnout on cybersecurity professionals.
A recent survey highlighted that “83% of cybersecurity professionals have experienced burnout, leading to errors that resulted in security breaches.” Peter's research further revealed that cybersecurity professionals are experiencing higher levels of burnout compared to frontline healthcare workers. "Our brains are wired to detect physical threats, but in cybersecurity, we're dealing with virtual threats 24/7. This constant state of alertness can significantly strain our mental health," Peter explained.
Deidre added, "The high levels of burnout in our industry not only affect individual well-being but also compromise overall security effectiveness. It's crucial to address these issues to maintain a strong cybersecurity workforce." This emphasizes the importance of a strong talent retention strategy to retain skilled cybersecurity professionals amidst the ever-evolving threat landscape.
Indicators of Quitting (IOQ) can be seen as early warning signs that a cybersecurity professional might be considering leaving their position. Recognizing IOQs can help manage and retain talent, a critical factor in maintaining a resilient cybersecurity workforce. Cybersecurity professionals have shared in an ISACA 2023 Report that they leave their jobs for various reasons, including burnout from constant high-pressure situations (43%).
The loss of professional efficacy is a significant predictor of resignation, underscoring the urgency to address these mental health challenges.
Burnout in cybersecurity is intensified by various factors, including:
The leaders on the panel discussion emphasized the need for both immediate and long-term solutions to combat burnout. An immediate solution is to provide trauma support. During and after significant breaches, offering trauma support can prevent attrition and mitigate the impact of stress. Implementing debriefing sessions and counseling can help cybersecurity professionals process their experiences and reduce long-term psychological effects.
Long-term cultural changes involve incorporating mental health support and resilience-building practices into the daily workflow. This includes:
Peter shared the iRest protocol during the discussion, a scientifically backed method designed to reduce stress and enhance resilience. Originally developed for military personnel with PTSD, iRest helps slow brain wave activity, reduce cortisol levels, and increase serotonin, leading to improved sleep, better focus, and overall well-being. Deidre Diamond noted, "Incorporating practices like iRest can make a significant difference in how our teams cope with the relentless pressure of cybersecurity work. It's about finding ways to help our brains switch off from constant alertness."
Kayla Williams shared her personal experience with iRest, stating, "After implementing the iRest techniques, I noticed a remarkable improvement in my ability to handle stress and maintain focus. It's a practical tool that leaders can introduce to their teams to foster a healthier work environment."
Leaders play a crucial role in setting the tone for mental health and well-being in their cybersecurity teams. By practicing empathy, showing vulnerability, and leading by example, leaders can create a supportive environment that encourages self-care and open communication about mental health challenges. Kayla Williams emphasized, "As leaders, we need to prioritize our own mental health to effectively support our teams. By openly discussing my struggles with stress and the steps I take to manage it, I aim to create a safe space for my team to do the same."
The cybersecurity industry faces unique mental health challenges, but with the right strategies and support systems in place, cybersecurity leaders can build resilience and reduce burnout in their teams. As highlighted in the webinar, the focus is shifting from merely acknowledging the problem to actively seeking and implementing solutions.
In April, Deidre Diamond, Founder & CEO of CyberSN and Founder of Secure Diversity, joined National Cyber Director Harry Coker and representatives from more than 30 companies to discuss the commitments of the Federal Government and private sector to demonstrate progress building the nation’s cybersecurity workforce. Reflecting on the experience, Deidre said, "My trip to The White House was an incredible experience as an American, a sociologist, and a business owner who cares tremendously about the cybersecurity community."
During the visit, the Biden Administration made a groundbreaking announcement: the removal of degree requirements for federal cybersecurity jobs. This initiative aims to make these roles more accessible by focusing on specialized training rather than traditional four-year degrees. Deidre emphasized, "The administration is focused on creating well-paying jobs, particularly in middle America, and this move is a significant step in the right direction."
The visit also marked the launch of the 2024 SANS | GIAC Cyber Workforce Research Report, unveiled at The White House. CyberSN played a pivotal role in this study, contributing to the development of key questions that help understand workforce challenges in cybersecurity. "Knowledge is power. Partnering with SANS to bring powerful data to us all is imperative to us defending ourselves," Deidre noted.
The SANS Workforce Report identified critical roles in cybersecurity, such as Forensics Analyst, Information Systems Security Manager, and Security Architect. It also highlighted significant hiring challenges, including salary competitiveness and the lack of defined career paths. CyberSN’s Job Posting Data Report corroborates these findings, showing consistent top roles in cyber across different sources.
Cybersecurity managers were asked to select their top three challenges for hiring mid-level cybersecurity staff. According to the SANS Report, salary competitiveness (26%) was the number one challenge identified among respondents, followed by a lack of defined career paths (14%). CyberSN's Salary Report supports these findings, showing that management salaries have decreased, indicating dissatisfaction. "First time we have seen a decrease of salary going down for cyber roles," Deidre highlighted.
One of the primary challenges identified in the SANS Report is the inefficiency of traditional hiring methods. CyberSN's Platform and Taxonomy helps improve communication between recruiters and hiring managers. Deidre pointed out, "Communicating better with your recruiters about your jobs gives them consumable content so they can immediately assess if it is the right fit or not."
The SANS Report revealed that 46% of HR managers emphasized the need for enhanced collaboration between HR and Cybersecurity managers. Notably, they are also keen on maintaining standardization, as indicated by 31% of the responses, which makes the case for wider adoption of the NICE Framework. However, only 14% of respondents in the SANS Workforce Report reported using the NICE Framework for cybersecurity work roles and job applications. "Absolutely agree having a framework makes communication productive. CyberSN’s Taxonomy that our platform leverages for our solutions is aligned and extended upon the NICE Framework so you can acquire, retain, develop, and diversify cyber talent," Deidre added.
Creating a job description utilizing CyberSN’s job builder and cybersecurity taxonomy gives HR managers a tool to determine whether candidates are qualified and interested. For example, jobs posted on CyberSN will typically see 800 views and only 4 applications as professionals can easily tell if they are qualified and interested compared to other job platforms. Posting on CyberSN ensures that anyone who applies is easy to match. This removes unqualified applicants. CyberSN jobs are specific and easy to understand because of our matching criteria: job responsibilities, compensation expectations, location, citizenship status, degrees, and certifications.
The SANS Report also emphasized the critical role of non-salary benefits in retaining cybersecurity professionals. Deidre reflected, "People often move jobs for more money; it's a known risk. They'd rather tell their current employer, 'I got the money you wouldn’t pay me,' instead of discussing the real problems. It's not really what opened the door—it's just easier to say it was the money."
With 68% of the industry citing insufficient training and development opportunities as a significant issue, CyberSN's strategy involves creating growth opportunities before hiring. "Every job we take at CyberSN includes a growth story. This is what people want, and if they don't have one, we create that strategy so that you can build and develop before you hire them," Deidre explained.
When asked what hurdles they face when it comes to training mid-level cybersecurity professionals, cybersecurity managers in the SANS Report revealed that 40% stated the lack of a cybersecurity training budget, followed by 38% citing the lack of time/staff to get training. Deidre shared, “Understaffed and under budgeted are creating national security issues around talent. Therefore we need to have compliance control. Security leaders need to be able to speak risk in order to get the appropriate budget for training and development.”
The SANS Report also highlighted the growing importance of Diversity, Equity, and Inclusion (DEI) within organizations. Nearly 80% of respondents indicated that DEI is becoming an integral part of their organizational culture. Deidre commented, "It's great to see this focus on diversity, especially during a time when DEI has been a target of political debate."
According to the SANS Workforce Report, HR managers primarily rely on straightforward online postings, notably on platforms like LinkedIn (32%) and job posting websites (30%). These platforms tend to be saturated with candidates, making it crucial to employ specific keywords and filtering parameters effectively to sift through the vast pool of applicants. Deidre noted, "The amount of time to go through 800 resumes to find 4 matches can be months' worth of work. Internal talent teams don’t speak the language as they aren’t in cyber. We have a taxonomy that is a shared cyber language and a Talent Matching Solution that is half the cost of staffing fees, empowers internal talent teams, and is 100% money-back guaranteed delivering qualified and interested candidates that match your role in 45 days or less."
Time to hire ranges from 81 to 98 days for key roles, according to the SANS Workforce Report. CyberSN fills roles in 45 days or less, half the time it takes for HR to hire. "It illustrates how hard it is to match even when 85% of cyber professionals are willing to take a job opportunity call and are open to opportunities," Deidre explained.
The process efficiency is not just about the duration it takes to fill the role but also about the resources expended. For example, in a case study with Zions Bancorporation, hiring managers saved approximately 90 hours on interviews alone, not to mention an additional 10-20 hours previously spent on resume screening by the internal talent team. "It's not just about how long the role is open; it's about how much time searching for these people or talking to these people that were the wrong fit," Deidre emphasized.
In the context of cybersecurity talent retention, managers identified salary (23%), lack of a defined career path, and inadequacy of progressive training (31%) as top challenges, according to the SANS Workforce Report. "Money being number 1 is a mask to the real problem. While everyone wants to make more money, happy people don’t answer recruiting calls that get more money. It is typically due to career development, recognition, and how they are treated," Deidre reflected.
Additionally, the study found that only 32% of respondents acknowledged that cybersecurity turnover poses a significant challenge. Companies with 101-500 employees experience a slightly higher turnover rate of 39%. Deidre explained, "These companies typically don’t have growth opportunities for mid-senior level employees. A lot of these mid-senior professionals move to enterprise in order to get to the next seat. Share what you have to offer them over the next 2-5 years and be clear so that you develop someone's career to the level they want to have or have them help you replace them when the time is for them to go."
CyberSN’s Cyber Workforce Risk Management Solution addresses these challenges by providing salary alignment recommendations, resource gap identification, custom career development plans, organizational capabilities and functional structure, and a diversity strategy for your entire security team.
Approximately one-third of respondents in the SANS Workforce Report believe that the cybersecurity gap is skills-based, while two-thirds see it as a headcount gap. This points to a healthy job market with high annual turnover.
Deidre provided further insights, "Talent optimization and utilization needs to be a program because of under-budgeted and undertrained resources. Organizations need to work strategically around full-time employees (FTEs) and contractors to avoid the headcount gap versus skill gap and to avoid retention challenges. They may have headcount but lack the necessary skills. They may have needed those skills at one point but now require something else. Instead of hiring an FTE, they actually need an 8-month contractor. CyberSN has staff augmentation solutions that can help you with your capex opex work gap analysis."
Deidre Diamond's visit to The White House and CyberSN's contribution to the SANS Workforce Report highlight the critical steps being taken to address cybersecurity workforce challenges. By removing degree requirements, promoting specialized training, and emphasizing the importance of non-salary benefits and DEI, The White House, CyberSN, and other industry leaders are working together to create a more inclusive and effective cybersecurity workforce.
CyberSN is thrilled to announce the appointment of Chad Loder as VP of Security Solutions. Loder's return to working alongside Deidre Diamond, CyberSN’s Founder & CEO, marks a new chapter in CyberSN's tenure in empowering security leaders and internal talent teams with cybersecurity workforce risk management solutions.
Chad and Deidre have a history of successful collaboration. Together, they built Rapid7 (RPD)’s world-class engineering, sales, customer success, and people teams, growing recurring revenue from $800k to $50M in just under four years, while also earning multiple successive spots on Boston’s “Best Places To Work” list. Their leadership focused on people: hiring, developing, and retaining talent across all departments, while fostering a five-star client service culture.
“I have always believed passionately that winning requires building great teams and great teams can only be built within world-class cultures. Before you can be in the technology business, you need to be in the people business - this is the key to long-term success, and this is why I’m thrilled to be joining CyberSN to support customers in achieving security excellence,” said Chad Loder. “Working with Deidre Diamond at Rapid7 was an experience I have never forgotten. I have always loved Deidre’s passion for high efficiency, constant improvement, and driving cultures that foster responsibility and collaboration.”
Chad added, “CyberSN has unparalleled expertise in how the world’s best security teams are staffed, organized, and led to success. CyberSN’s Platform and Workforce Risk Management Solutions put this expertise in the hands of security leaders, allowing them to apply the principles and strategies that set top-performing security teams apart from their peers.”
Chad's expertise will be leveraged across all CyberSN Workforce Risk Management Solutions and Platform, further amplifying CyberSN’s research, data, and intelligence while adding AI to our engineering practices and talent solutions. Chad's unique experience in creating security products that lower risk and empower security leaders is a perfect fit with CyberSN's mission.
"Chad's deep understanding of the central role that human beings play in reducing cyber risk, combined with their technical expertise, research capabilities, and leadership experiences makes them an invaluable addition to our team," said Deidre Diamond, Founder and CEO of CyberSN. "Our collaboration at Rapid7 was transformative and super fun! I am confident that Chad joining CyberSN at its 10 year anniversary milestone will propel our platform and services significantly. Together we are focused on the cybersecurity workforce itself as both the greatest challenge and greatest opportunity for reducing cybersecurity risk."
CyberSN is celebrating its 10th anniversary this year and has evolved into a technology organization that provides comprehensive solutions for cybersecurity workforce risk management. The company is renowned for its cybersecurity taxonomy that clearly defines cybersecurity roles and responsibilities, and its commitment to providing diversity across all solutions from talent acquisition to talent development and talent retention.
About CyberSN:
CyberSN is committed to empowering cybersecurity professionals and their leaders to excel in their careers, lead their workforce, and protect our digital world. Our mission centers on bridging talent gaps, fostering diversity, and enhancing team resiliency with talent retention and development, ensuring organizations can mitigate cyber risks.
This report delivers an in-depth analysis of the U.S. cybersecurity job market, utilizing data from 140,000+ monthly cybersecurity job postings across all 45 functional roles over the past two years.
Explore our latest cyber salary data report for all cyber roles, including an insight into demand and salary increases across CISOs, GRC Analysts, & more.
Within organizations, protecting valuable data and operations is not just about deploying the right technology but also about the people who power it. Cyber Security Tribe, a leading online community and content platform, recently conducted a comprehensive state of the cyber security industry survey involving over 250 cybersecurity professionals, shedding light on the current state of the industry in 2024. Among the numerous insights uncovered, perhaps none are as crucial for cybersecurity leaders as those regarding the recruitment outlook.
When it comes to assembling a cyber security dream team, the qualities that leaders prioritize can make all the difference. Leadership respondents were asked to rank various attributes when recruiting talent. The results were as follows:
#1 Passion: Topping the list was passion, with an overwhelming majority of respondents recognizing the vital role it plays in driving success within the cybersecurity domain. Passion isn't just about having a job; it's about a genuine enthusiasm for protecting systems and data from cyber threats.
#2 Experience: Unsurprisingly, experience came in at a close second. In a field where every second counts and the stakes are higher than ever, hands-on experience can often outweigh theoretical knowledge.
#3 Personality/Soft Skills: While technical prowess is undeniably important, cybersecurity is also a people-centric profession. The ability to communicate effectively, work well in teams, and adapt to rapidly evolving scenarios is highly valued by recruiters.
#4 Certification: While certifications remain significant, their importance seems to have diminished slightly compared to previous years. This shift suggests a growing recognition of practical skills and real-world experience over paper qualifications.
#5 Education: Rounding out the list is formal education. While a degree or academic background certainly has its merits, it's clear that recruiters are placing greater emphasis on tangible skills and attributes.
Another crucial aspect of the survey focused on the anticipated staffing changes within cybersecurity teams for the year 2024. The results paint a picture of optimism and growth:
41% Predicting Expansion: Perhaps the most encouraging finding is the sizable portion of respondents (41%) who anticipate an increase in their cybersecurity staff. This reflects the ongoing demand for cybersecurity expertise as organizations continue to prioritize digital security in an increasingly interconnected world.
59% Expecting Stability: A significant majority of respondents indicated that they foresee their cybersecurity staff remaining the same in 2024. This suggests a level of stability within the industry, with existing teams expected to maintain their current size and composition.
Zero Expectations of Decline: In a reassuring turn of events, not a single respondent predicted a decrease in cybersecurity staffing for 2024. This underscores the critical importance of cybersecurity in virtually every sector, from finance and healthcare to government and beyond.
As cyber leaders prepare to ensure their organizations' security in 2024 and beyond, one thing remains abundantly clear: the human element is just as crucial as the technological one. By prioritizing qualities such as passion, experience, and soft skills in recruitment efforts, organizations can build resilient cybersecurity teams capable of tackling the threat landscape.
Furthermore, the anticipated growth in cybersecurity staffing signals promising opportunities for both seasoned professionals and aspiring newcomers alike. As the digital frontier expands and cyber threats proliferate, the need for skilled cybersecurity professionals has never been greater.
Overall, Cyber Security Tribe's report offers invaluable insights for cybersecurity leaders, serving as a roadmap and providing benchmarks for 2024 and beyond.
In today's cybersecurity landscape, women leaders, professionals, and those eager to enter the industry face unique challenges and exciting opportunities. Our curated guide contains a list of invaluable resources specifically tailored for women in cybersecurity. Whether you're a seasoned cybersecurity pro or an aspiring newcomer, your toolkit for success within the cybersecurity realm is right here.
Black Girls Hack is a registered non-profit organization. They are a training-focused organization that was created to help increase diversity in cybersecurity by helping to bridge the gap between what is taught in educational institutions and what is necessary for careers in cybersecurity.
While several organizations cater to the interests of women and minorities in cybersecurity, black women in cybersecurity are still severely underrepresented both in the field and by existing infrastructures. BlackGirlsHack meets the needs left unmet by existing services by providing hands-on skills that are focused on people who are upskilling and reskilling in cybersecurity.
Black Girls in Cyber is a non-profit organization that supports women of color and has a mission to increase industry awareness and diversity for black women who are interested in entry-level Cybersecurity, STEM, and Privacy careers.
Latinas in Cyber is the first US-based membership organization created by Latina cyber professionals. Their vision is to build an inclusive and equitable community for Latinas focused on development, empowerment, and leadership within cybersecurity.
Secure Diversity is a nonprofit organization that fosters gender diversity, equity, and inclusion in cybersecurity through conferences, networking, mentoring, professional development, and community outreach. One of their primary goals is to raise awareness and increase the number of women and other underrepresented genders in the cybersecurity workforce.
WISP's mission is to "Advance women to lead the future of privacy and security." Their objectives include Education, Mentoring & Networking, Advancement, and Leadership.
The Women’s Society of Cyberjutsu (WSC), a 501(c)3 non-profit, is dedicated to raising awareness of cybersecurity career opportunities and advancement for women in the field, closing the gender gap and the overall workforce gap in information security roles.
Women of Security (WoSEC) is for women, and those who identify as women, who have an interest in cyber security. WoSEC chapters meet in person in cities around the globe to network, vent frustrations, find peers and make new friends. Their activities range from talks and workshops to brunches and other social gatherings.
Virtual and In-Person
Day of Shecurity is a free-to-attend interactive one-day conference that was originally launched in 2017 in San Francisco for women in technology interested in cybersecurity. Day of Shecurity launched in Boston in 2019 and added virtual conferences in 2021.
Las Vegas, Nevada
The Diana Initiative is a diversity-driven conference committed to helping all underrepresented people in Information Security. The Diana Initiative features multiple speaker tracks, villages with hands-on workshops, and a Capture the Flag event.
Nashville, Tennessee (2024)
The WiCyS Conference is the go-to event for women in cybersecurity who aspire to excel in the field and want help getting where they want to be. WiCyS helps organizations recruit, retain and advance women in cybersecurity, all while creating a community of engagement, encouragement, and support at a technical conference.
San Francisco, California (2023)
ChIPs Global Summit's programming includes cutting-edge topics at the intersection of technology, law and policy, as well as insightful discussions about diversity and inclusion, career development and leadership. Panel topics included cryptocurrency, Supreme Court IP cases, sustainable energy, leadership fundamentals and inspiring keynote discussions.
This podcast is devoted to the world of information & cyber security and the great women who make it turn. The podcast sheds light on the routes to the various technical and non-technical roles in this space, as well as exploring the skill sets required to be successful.
Security in Color is a media platform aiming to educate, empower and provide accessible cybersecurity resources to everyone.
The podcast features a diverse range of guests from all walks of InfoSec, who talk about their careers, jobs, and how they got to where they are today. Featuring host Tanya Janca.
This webinar series was created to share stories of how the most recent cybersecurity professionals are breaking into the industry.
Security in Color is a media platform aiming to educate, empower and provide accessible cybersecurity resources to everyone.
Cyber Queens Podcasts is a podcast enabling women to level up their careers in cyber.
Day of Shecurity’s YouTube Channel includes videos of talks and sessions from the various DOS events.
WiCyS is a global community of women and men. They are dedicated to bringing talented women together to celebrate and foster their passion and drive for cybersecurity. This YouTube channel is home to their global affiliates and strategic partner broadcasts, helpful resources, and more!
This is the Women’s Society of Cyberjutsu (WSC) YouTube channel. WSC is dedicated to raising awareness of cybersecurity career opportunities and advancement for women in the field, closing the gender gap and the overall workforce gap in information security roles.
Cyber Queen was founded with the purpose of enabling and empowering more women to succeed in cyber security.
- Workforce development accelerator helping close the cybersecurity talent gap through fast-track technical training and mentorship.
- To help fill the skills gap, the SANS Institute created the SANS CyberTalent Immersion Academy, an intensive, accelerated training program that provides world-class training and GIAC certifications to quickly and effectively launch careers in cybersecurity.
- Code Like a Girl is a social enterprise providing girls and women with the confidence, tools, knowledge, and support to enter, and flourish, in the world of coding!
- CybHER’s mission is to empower, motivate, educate, and change the perception of girls and women in cybersecurity.
If you're looking for valuable insights into the cybersecurity job market, be sure to check out CyberSN's blog. Our team has created a variety of informative posts covering topics such as job searching, advancing your cybersecurity career, decoding cybersecurity roles and job titles, and more.
If you're unsure about the various types of cybersecurity jobs that are available, CyberSN's Career Center can help. It features a comprehensive breakdown of technical, non-technical, and security leadership roles within the cybersecurity community, so you can easily find the positions that best match your skills and interests.