How a CISO Transformed Spreadsheet Chaos into Clear Visualization of Cyber Capabilities with CyberSN
Carraig Stanwyck, a Fortune 200 CISO, has spent his career focused on people—across government service, startups, and large enterprises. Carraig believed his people‑focused approach, supported by Excel spreadsheets and team surveys, was enough. After meeting Deidre Diamond, Founder & CEO of CyberSN, at the RSA Conference in 2024, he discovered the transformational potential of CyberSN’s Cyber Workforce Risk Management Service and Platform.
Carraig’s career began in human intelligence, a foundation that shaped his leadership style. “If you get the people right, everything else comes together so much easier,” he reflected. Known for prioritizing his team’s well-being, Carraig was already conducting surveys and one‑on‑one check‑ins. As he later admitted:
Diamond added that Carraig was already ahead of many leaders in caring about people. Still, spreadsheets simply couldn’t capture workforce risk dynamically: “It’s tough with Excel spreadsheets, lots of your time to get that right, only for the data to change in weeks or months.”
Carraig’s Excel‑driven approach provided snapshots but lacked scalability, real‑time visibility, and actionable data. His team’s evolving roles and capabilities weren’t fully captured, making strategic planning difficult. Like many leaders, he knew no other option than spreadsheets.
The deeper challenge that leaders face and are often unaware of, just like Carraig, is that changes in resource utilization instantly impact cyber capabilities. How resources across full-time employees, contractors, MSPs, consultants, and part-time staff are being utilized changes so frequently that risk postures become inaccurate. Therefore, a leader must keep this data updated in order to truly move the needle in operational efficiency, innovation, budget approvals, and talent retention.
Job descriptions are used to create strategies, yet they quickly become outdated and are almost never updated. This is why strategies often fail or stall. Leaders are working off incorrect assumptions of resource utilization, relying on data that expires almost as fast as it’s created.
As Diamond explained, “The job description of our talent is old within weeks or months, if it was even created correctly at all. A job description should be the source of truth for workload management."
Carraig added, "Every cybersecurity team says, 'we don't have enough people.' But how do you actually quantify that?"
CyberSN’s Platform transformed how Carraig understood his team. Instead of relying on static surveys, he gained a living, breathing view of his team’s skills, utilization, and career aspirations.
The taxonomy‑driven platform enabled him to visualize workforce capabilities at both the individual and organizational level, offering clarity he couldn’t replicate with spreadsheets. Following the Cyber Fusion Model, CyberSN extends this methodology into external resources as well, including contractors, MSPs, consultants, and part-time staff.
Diamond highlighted another benefit of this level of insight: accelerated hiring. “After we finished the workforce risk management project, the team filled a role within weeks that had been open for a very long time. When we truly know resource allocation, hiring is easy!"
CyberSN’s dual visualization of people and capabilities became a game‑changer. “You can see the whole org chart by people…but then flip it and see it by capabilities. What are we staffed for? What are we missing? How do we plan for growth?” he explained. This new lens transformed Carraig’s conversations with executive leadership.
Instead of replacement, Carraig embraced empowerment:
He called this the “bionic” approach: empowering humans with visibility and tools, not replacing them. “How do we make them able to do more with less? That’s the smarter long-term approach.”
Diamond connected this philosophy to broader industry challenges. With poor retention and burnout, she noted, organizations lose operational efficiency as well as professional efficacy. Diamond also pointed out that workforce visibility helps leaders make more strategic resourcing decisions.
Sometimes the answer isn’t hiring another full-time employee, but engaging a contractor or SOW to fill a need and then later hire the FTE for a career opportunity. With CyberSN’s Workforce Risk Management Program and visibility, those decisions become clearer and more strategic.
Carraig realized his people weren’t single‑purpose hires but versatile “multi‑tools.”
He added: “When you know what gaps you have, you can effectively build custom job descriptions for the roles you actually need.”
Diamond emphasized how this shift addressed a long-standing industry problem: “As a community, we’ve been making a strategy off poor job descriptions and titles. Seeing people as they’re actually being utilized today and keeping that data current is game-changing.”
Carraig initially relied on surveys to gauge staff well-being and flight risk, but CyberSN’s approach uncovered far deeper insights. “Happiness is important. But feeling fulfilled and having a purpose—that’s the key,” Carraig stated. With CyberSN’s data, he was able to create tailored development plans, map career paths, and strengthen retention across his team.
Carraig Stanwyck’s journey highlights the shift from reactive, spreadsheet‑based workforce management to a strategic, data‑driven approach. With CyberSN’s Workforce Risk Management Program, leaders gain real‑time visibility, stronger retention, and the ability to make a compelling business case for resources and growth.
Carraig embedded the CyberSN Platform into his leadership model. His management team was mandated to keep the CyberSN Platform updated through regular check-ins with their direct reports—every 90 days or whenever a change occurred, and to update job descriptions accordingly to reflect the work employees were actually doing. So that the view of the team's cyber capabilities were always up to date. Their performance goals were tied directly to this accountability.
As Diamond summarized: “Once leaders have workforce visibility, they can finally be proactive instead of reactive—making the right moves for their people and for the business.”
Ready to move beyond spreadsheets? Explore CyberSN’s Workforce Risk Management Service and Platform and gain real-time visibility into your team.
CyberSN’s Workforce Risk Management Service and Platform
