How a CISO Transformed Spreadsheet Chaos into Clear Visualization of Cyber Capabilities

Carraig Stanwyck, a Fortune 200 CISO, has spent his career focused on people — across government service, startups, and large enterprises. Carraig believed his people-focused approach, supported by Excel spreadsheets and team surveys, was enough.

After meeting Deidre Diamond, Founder & CEO of CyberSN, at the RSA Conference in 2024, he discovered the transformational potential of CyberSN's Cyber Workforce Risk Management Service and Platform.

Throughout his career, Carraig operated from a core belief that cybersecurity success starts and ends with the people on the team.

"If you get the people right, everything else comes together so much easier."

— Carraig Stanwyck, Fortune 200 CISO

When Deidre Diamond asked him to demonstrate how he visualized his workforce data, the limits of a spreadsheet-first approach became clear.

"We were talking about people and the value of people. Deidre asked me to show how I visualized the data. That's when I realized the limitations of my DIY spreadsheet approach."

— Carraig Stanwyck, Fortune 200 CISO

"It's tough with Excel spreadsheets — lots of your time to get that right, only for the data to change in weeks or months."

— Deidre Diamond, Founder & CEO, CyberSN

Diamond noted that Carraig was already ahead of many leaders in caring about people — but that spreadsheets simply couldn't capture workforce risk dynamically.

The Excel Trap: Limited Cyber Workforce Visibility

Carraig's Excel-driven approach provided snapshots but lacked scalability, real-time visibility, and actionable data. His team's evolving roles and capabilities weren't fully captured, making strategic planning difficult. Like many leaders, he knew no other option than spreadsheets.

The deeper challenge that leaders face — and are often unaware of — is that changes in resource utilization instantly impact cyber capabilities. How resources across full-time employees, contractors, MSPs, consultants, and part-time staff are being utilized changes so frequently that risk postures become inaccurate. A leader must keep this data updated in order to truly move the needle in operational efficiency, innovation, budget approvals, and talent retention.

Outdated Job Descriptions Mask True Cybersecurity Capabilities

Job descriptions are used to create strategies, yet they quickly become outdated and are almost never updated. This is why strategies often fail or stall. Leaders are working off incorrect assumptions of resource utilization, relying on data that expires almost as fast as it's created.

"The job description of our talent is old within weeks or months, if it was even created correctly at all. A job description should be the source of truth for workload management."

— Deidre Diamond, Founder & CEO, CyberSN

"Every cybersecurity team says, 'we don't have enough people.' But how do you actually quantify that?"

— Carraig Stanwyck, Fortune 200 CISO

Real-Time Cyber Workforce Visibility and Management

CyberSN's Platform transformed how Carraig understood his team. Instead of relying on static surveys, he gained a living, breathing view of his team's skills, utilization, and career aspirations.

"With CyberSN, you can re-interview your people to reflect what they're actually doing. You see that someone hired as an analyst is doing engineering work — and maybe they're better on the engineering team."

— Carraig Stanwyck, Fortune 200 CISO

The taxonomy-driven platform enabled him to visualize workforce capabilities at both the individual and organizational level, offering clarity he couldn't replicate with spreadsheets. Following the Cyber Fusion Model, CyberSN extends this methodology into external resources as well — including contractors, MSPs, consultants, and part-time staff.

"After we finished the workforce risk management project, the team filled a role within weeks that had been open for a very long time. When we truly know resource allocation, hiring is easy!"

— Deidre Diamond, Founder & CEO, CyberSN

From Reactive to Strategic Workforce Planning

CyberSN's dual visualization of people and capabilities became a game-changer for executive communication and strategic planning.

"You can see the whole org chart by people — but then flip it and see it by capabilities. What are we staffed for? What are we missing? How do we plan for growth?"

— Carraig Stanwyck, Fortune 200 CISO

"It's easier to get budgets. Easier to make a business case. CIOs, CFOs, and CEOs can now understand workforce risks in a more quantifiable way."

— Carraig Stanwyck, Fortune 200 CISO

• Visualization of cyber capabilities, gaps, and talent utilization
• Organizational and cyber strategy synced with the Cyber Fusion Model
• Roles and responsibilities clearly defined and easily updated
• Quantifiable data for executive business cases and budgets
• Improved career planning and retention

A Shift in Workforce Philosophy

Instead of replacement, Carraig embraced empowerment — finding ways to maximize the value of the people already on the team.

"I'm excited about companies that take a smarter approach. How do we empower the 'human'? It's like putting that superhero costume on rather than getting rid of them. How do we make them able to do more with less? That's the smarter long-term approach."

— Carraig Stanwyck, Fortune 200 CISO

Diamond added that workforce visibility enables leaders to be strategic about resourcing — sometimes the right answer isn't hiring another full-time employee, but engaging a contractor or SOW to fill a near-term need, then hiring the FTE for a long-term career opportunity.

Empowering Multi-Tool Cybersecurity Teams

"When you figure out what they end up doing — even if it wasn't what they were hired for — you start realizing these people are multi-tools. It allows you to maximize the value they provide."

— Carraig Stanwyck, Fortune 200 CISO

"When you know what gaps you have, you can effectively build custom job descriptions for the roles you actually need."

— Carraig Stanwyck, Fortune 200 CISO

"As a community, we've been making strategy off poor job descriptions and titles. Seeing people as they're actually being utilized today — and keeping that data current — is game-changing."

— Deidre Diamond, Founder & CEO, CyberSN

From Employee Happiness to Career Fulfillment

Carraig initially relied on surveys to gauge staff well-being and flight risk, but CyberSN's approach uncovered far deeper insights into what drives people to stay and grow.

"Happiness is important. But feeling fulfilled and having a purpose — that's the key."

— Carraig Stanwyck, Fortune 200 CISO

"If you know where an employee wants to go and how they feel about the team, you get all this extra data — giving you the ability to craft individual career development plans for them and the ability to help them move through different parts of the team."

— Carraig Stanwyck, Fortune 200 CISO

Carraig Stanwyck's journey highlights the shift from reactive, spreadsheet-based workforce management to a strategic, data-driven approach. With CyberSN's Workforce Risk Management Program, leaders gain real-time visibility, stronger retention, and the ability to make a compelling business case for resources and growth.

Carraig embedded the CyberSN Platform into his leadership model. His management team was mandated to keep the platform updated through regular check-ins with their direct reports — every 90 days or whenever a change occurred — and to update job descriptions accordingly to reflect the work employees were actually doing, so that the view of the team's cyber capabilities was always current. Their performance goals were tied directly to this accountability.

"Once leaders have workforce visibility, they can finally be proactive instead of reactive — making the right moves for their people and for the business."

— Deidre Diamond, Founder & CEO, CyberSN