As a partner at SPMB, Radley Meyers works with a variety of technology and tech-enabled-services companies, placing senior-level executives at venture capital-funded, private equity-backed, and publicly traded companies. A key area that Mr. Meyers brings extensive knowledge and expertise to is SPMB’s security and data-related search work. He leads both functional searches, and also builds out executive teams at top security software and data companies. Mr. Meyers recently sat down with Hunt Scanlon Media to share his views on the booming cybersecurity market.
Radley, explain to us the market for cybersecurity executives.
I’d split this into two categories: cybersecurity companies and functional security searches. The cybersecurity companies continue to be highly active in the recruiting market, specifically hiring CRO, CMO, COO, CEO, and president roles. This is in line with broader recruiting themes no matter the industry. Companies are trying to turnaround what has been an underwhelming market over the past 18 months or so, and the path to doing so is generally through these five functions. As for security companies specifically, it’s important to note that there are a lot of new entrants into the security industry that are tying AI and cybersecurity together. This is especially true in the threat intelligence space, which makes sense given the higher visibility of breaches in today’s environment. Functional security searches (CISO, VP security, etc.) have been less active in 2024 than my peers and I expected at the start of the year.
Why do you think this is?
I believe this is because many companies are in ‘wait and see’ mode due to the current economic climate, paired with it also being an election year in the U.S. My expectation going into the year was there would be increased pressure for companies to uplevel security programs, leading to a higher volume of security executive searches, but most activity has been the result of current executives retiring or moving on from their roles, or hiring at a step below the CISO level. However, I’d anticipate this will pick up in 2025.
Are organizations continuing to invest in cybersecurity talent?
In the last five years I’ve noticed a significant shift at companies investing in the next group of security leaders, which has resulted in a new wave of security executives prepared to take on the top job. This will continue to evolve and improve over the next few years as these “deputies” get more board level exposure and get deeper into the executive function within their companies. The other thing worth noting is the continued rise of CISO leadership into broader CIO, or even chief digital/data roles, reporting directly to the CEO in many cases. The fact that companies are elevating security leaders into these broader roles creates a clear growth path and allows for those who have been in CISO roles to better develop that next group of executives in a familiar environment.
What is preventing people from entering this field?
While compensation for security executives has definitely become more consistent and in line with other C-level executives, there still remains some discrepancy in compensation throughout the market. Another significant factor that’s discouraging people from entering the field is the personal risk that is tied to the position. Security leaders who saw how things played out at Uber or the recent Solar Winds situation are definitely being more cautious when looking at opportunities. I am seeing more candidates negotiating for protection through D&O insurance to mitigate their personal risk. Another reason people are either opting out of security as a long term career option, or are leaving the field after reaching the CISO level is the increased, and increasing, opportunity as a consultant or founder. Over the last decade, the emergence of security as an active member of product development in software companies has developed a breed of security executives who are very product minded, which has led to strong executives rolling the dice as entrepreneurs.
In regards to AI, what are some ways recruiters are using this technology to help their jobs?
Proprietary research is such a vital part of any recruiting firm. At SPMB we have nearly five decades of institutional knowledge and data that allows our research function to educate themselves on specific topics quickly and efficiently. That said, generative AI tools have been incredibly useful for validation and idea generation to supplement this institutional knowledge we already have in place. We like to be on the cutting edge of technology, so we are always looking for ways to leverage new technology to drive efficiency in the firm, but we also recognize that decades of first-hand experience are more reliable than current AI technology, so we take a very balanced approach to AI internally.
When looking to recruit cyber executives, what are the most important traits/skills you look for?
The number one thing when looking at cybersecurity executives is executive presence. This seems like an obvious statement, but it hasn’t always been a key criteria for these roles. For a long time, being out of the spotlight was viewed as a positive for security executives — meaning, no news is good news. As security has become more embedded into product development, data management, and customer facing activities, the ability for a security leader to be a vocal advocate, internally and externally, has become table stakes. Security is not purely the security team’s responsibility, so finding an executive with a track record of driving a culture of security throughout the organization, and being able to articulate thoughtful strategy and progression on their program to the board is paramount. Additionally, specifically within software companies, we look for security executives who have a track record of working with product and data teams closely. Ideally, having embedded teams that overlap with the chief product or chief data officers’ teams, and have strong influence over the strategy for these functions
