As a partner at SPMB, Radley Meyers works
with a variety of leading technology and
tech-enabled-services companies, placing
senior-level executives at venture capital-funded,
private equity-backed, and publicly traded
companies. A key area that he brings extensive
knowledge and expertise to is SPMB’s security and data-related
search work.
Mr. Meyers leads both functional searches (CISO, CDO, and
VPs defining security and data strategy), and also builds out
executive teams at top security software and data companies.
The comprehensive nature of his work—on both the software
vendor and the operating side—gives him a unique and in-depth
understanding of today’s market that, in turn, helps drive successful
outcomes for his clients. Mr. Meyers recently sat down with Hunt
Scanlon Media to discuss what he is seeing in the supply and
demand for cybersecurity leaders and how their role has evolved in
recent years.
Give us an overview of the market for cybersecurity recruiting
The market remains extremely hot for security professionals, which
is no surprise given the high profile headlines around security
events we see on an almost daily basis. So, while hiring has slowed
for other executive functions, savvy companies are ramping up
their efforts around security hiring — and are also upleveling their
existing security team and resources to get more from the function.
In fact, I am seeing a lot of companies look at their CISO and think:
How can we broaden the role of security in our organization? The
answer to this question varies depending on the company — but
I’ve seen CISOs take over IT, data, product, engineering, and sales
teams. Again, a CISO’s remit depends heavily on the industry and
future vision of the company, but there is no question that the role is
expanding meaningfully and quickly.
Any other trends that you are witnessing?
The other theme worth noting is companies are exploring hiring a
true CISO (vs. a director or “head of”) much earlier in their growth
cycle. Historically, an upcoming IPO triggers the hiring of a CISO.
Comparatively, earlier stage companies/startups tend to leverage
more junior security leaders as they begin to scale. However,
given the themes noted above paired with the complexity around
international/global growth and the regulatory requirements tied to
that growth, companies are bringing more tenured talent in-house
earlier on in their growth journey.
Why is this sector so important to all companies and
organizations?
The rise of the CISO and companies prioritizing the importance of the
broader security organization has been encouraging, and perhaps
long overdue. Historically, the most highly regulated industries
like healthcare and financial services have prioritized security and
helped lead the way. Today, in a digital first world, there is so much
information and data at risk that every company, big or small, is
having to evaluate their security posture and mature their security
programs accordingly. Customers and consumers want to know that
their data is protected and that by being a customer or a partner they
are not at risk. Having a security leader who is capable of building
a strong program, and also has the ability to convey this strategy
to customers is both critical and highly sought-after. Security is no
longer (and probably never should have been) a “behind the scenes”
function; instead, it is now fully entrenched in the sales, product, legal,
and technology organizations. As companies continue to recognize
the damage that security events have on their brand (and bottom line),
the more investment they will make into the function.
What are some challenges you are seeing in the market for
these top executives?
The market is evolving quickly, but certain things are going to take
some time to catch up — one of which is the wide spectrum with
regard to compensation. You’re seeing CISOs with similar job
scopes, within the same industry, at similar scale with drastically
different compensation models. I believe the next shoe to drop, that
will help establish more compensation consistency, is an updated
reporting structure for CISOs and security executives.
Are CISOs today reporting directly to the CEO?
Today a small percentage of CISOs report directly to the CEO.
However, this number is growing steadily as companies see the
value in their security executive having a direct line to the CEO. It no
longer makes sense to have your CISO buried two to three levels
below the CEO where their influence and impact is minimized.
Security executives need a seat at the table in order to protect their
organizations and their customers from the onslaught of cybersecurity
threats that only continue to grow year after year. This notion is
being reaffirmed by the SEC and their proposed new cybersecurity
disclosure rules for public companies that stress the importance of
cybersecurity expertise and inclusion on boards as a critical part of
corporate governance and board oversight going forward.
What is the current demand for CISOs?
The demand is as high as it’s ever been — and for good reason.
Given the massive implications of high profile cybersecurity events
like SolarWinds and Log4j, or even the news cycle surrounding Uber
and Twitter security leadership, boards are hyper aware of the need
for top-tier security leadership. That said, there is a finite number of
“been there, done that” CISOs available today who fit the modern
CISO profile, meaning that they can effectively work with product,
sales, IT, etc. The demand definitely outweighs today’s supply,
which creates a bit of a void, but it also puts even more pressure on
companies and leaders to develop a strong bench of future security
leadership. This requires investment and commitment to growing
and maturing security programs at most companies that have
reached a certain scale across all industries.
