We Need a New Approach to Hiring

When Gary Hayslip, the CISO for Webroot, Co-Author of The CISO Desk Reference Guide, and a highly valued and trusted leader in the security industry, asked for my input on his article, I told him I would be more than happy to share my thoughts. I have a lot to say on this subject after 19 years in the recruiting profession, 14 of those years running my own firm, and the last 2.5 years exclusively focused on cyber! No one has this type of time on their hands, so I will break this down into several articles over the next couple of months!

There are so many moving parts to this issue, and as Bill Bonney, Gary’s Co-Author of the CISO Desk Reference Guide, so eloquently and accurately breaks down in his response to Gary’s piece, How We Want Recruiting and Hiring Managers to Behave, this is a problem that needs to be addressed by recruiters, hiring organizations and all the stakeholders involved in the hiring process, and job seekers together.


I appreciate Gary and Bill recognizing CyberSN as a company that is dedicated to solving the challenges associated with hiring security professionals and the frustrations they experience on the job search front. We are on a mission to dramatically decrease the frustration, time, and cost associated with job searching for IT Security and Cyber Sales professionals. You can read more about our Founder & CEO, Deidre Diamond’s Mission and Vision here.

Deidre and I met at the RSA Conference in 2015 when I was still running Indigo Partners, and we connected instantly. Rather than seeing each other as competitors in this small cyber recruiting niche, we bonded in discovering how perplexed and disheartened we each were by our very own recruiting profession and the bad, but deserving rap, that our industry has earned as a result of the very behavior Gary discusses in his article, which is what led us to found our own firms in the first place, and ultimately unite.

The commoditized, keyword search approach to recruiting, that I believe emerged in recruiting in the ‘90s as a result of the job boards’ arrivals, was already a problem when we were each placing IT and software professionals; it’s just further exacerbated in InfoSec as Gary, Bill, and so many of you have experienced in this noisy marketplace.

This is unfortunate for the job seekers who get bombarded by LinkedIn requests, emails, and calls about unrelated, mismatched jobs. It wastes their time and leads them no closer to identifying their next opportunity. It’s bad for the hiring organization, who engages several agencies expecting candidates to be properly vetted, but ends up creating more work for themselves by fielding untargeted, sub-par resumes from multiple sources that don’t get them any closer to filling their jobs. It’s a colossal waste of money, time, and energy that companies are expecting to avoid by turning to an external firm in the first place.

Contingency search is an outdated, broken model that needs to be re-examined by both hiring companies and recruiting agencies to determine the true cost of doing business this way for both parties. You can read an article I wrote about the lunacy of contingent search “Would You Work for Free?” here.

On the surface contingency search seems to make sense, most especially for the hiring organization. Give the open position to several agencies and may the best man or woman win. There is perceived little risk to the company, who only pays a fee to the recruiter if their candidate gets hired.

The hiring organization thinks more is better, meaning, they believe they are maximizing coverage of their job and increasing the probability of a successful hire, when in reality, it’s the exact opposite. The more agencies a hiring organization gives the opening to, the less the contingent recruiter works on it because of the inherent risk involved, thus the unskilled, low-cost provider behavior that ensues. The feeding frenzy (or as my security friend Chris Olive calls it, “The Hunger Games of Recruiting”) kicks in as soon as they receive the job order. The risk and cost are too high for most contingent firms to invest the time, energy and resources to conduct a search the way a hiring organization truly needs it to be executed.

While the contingent recruiter is often competing against other agencies that vary widely in skill, process and integrity, they are also competing against their internal recruiters, hiring managers’ networks, employee referrals, company website job posting, and external paid job board postings. This is all in the hopes they will beat the odds that are stacked against them to “earn” their fee and get paid for the quite hard and time-consuming work involved with sourcing, engaging, attracting, and securing exceptional talent, WHEN it’s done properly.

And the ultimate hope, of course, is that the company will NOT end up not having to pay a fee due to their own sourcing efforts, even though they really appreciate the efforts of the “good” contingent recruiters who actually do their due diligence and do the job the way it’s meant to be done.

It puts both the “good” and “bad” recruiters in a position of assuming all the risk and working literally for free with companies while demanding that the specialized, experienced and adept recruiters lower their fees to the same below-market fees that the aforementioned under-skilled, under-performing and sometimes unethical recruiters agree to!

Contingency search doesn’t make sense for the highly-skilled, professional, seasoned recruiters who have spent their entire careers building genuine long-term relationships with their clients and candidates making true matches. All recruiters are not created equally, as we have all experienced, and companies have to stop lumping them into the same bucket, expecting to pay the same price across the board for their services. The old adage, you get what you pay for, certainly applies here.

Just because the recruiting industry and hiring organizations have always done things a certain way doesn’t mean that’s the most efficient or effective way to do business, as we have all painfully experienced over the years. A paradigm shift is required for how companies go about securing security talent and how recruiting firms operate in order to remain profitable and relevant, and we at CyberSN are in the process of breaking the rules of our industry in order to fix what’s broken and make job search simpler.

In my next post, I will share how our “Engaged Model” is a no-brainer if you have a critical opening that needs to be filled quickly and efficiently and the budget to pay an external niche recruiter. If you are mentally and physically prepared to pay an agency fee, then engaging one firm who specializes in the area you are hiring for just makes good business sense.

“The real cost of your jobs remaining open” series on the subject of cyber staffing and recruiting challenges is also forthcoming. We will peek behind the curtain to see how companies create their own roadblocks with their current recruiting strategies and how to remove the barriers that are getting in the way of hiring the best security talent. Hint: It is not based on the cyber talent shortage!