Digital security officer recruitment challenges and victories on the cyber battlefield

Veteran cybersecurity recruiter Stephen A. Spagnuolo kicks off an an engaged dialogue around the human capital element and related corporate development trends/issues in the cybersecurity space


“ . . . The ultimate stakes here are of highest order . . . It is essential and imperative that we as a community collectively build an in-depth cybersecurity ecosystem; one that is inter-connected and weaves US commercial and national security and infrastructure protection priorities. We’re at an inflection point where there must be a wholesale new approach to how we think about security and risk management and mitigation at the corporate leadership level, and in particular how we creatively staff those functions. I am thus committed to doing my small part . . .”

S. A. Spagnuolo I HMG Strategy CIO Summit of America I Headhunter Panel I ‘Strategic Leadership in a World of Accelerated Change’ I New York NY, Jan. 26 2016

Greetings . . .

This blog will focus on issues related to digital security officer recruitment challenges and initiatives, and more broadly the prevailing trends in and around cybersecurity from a human capital / talent management perspective. 

By way of background, I lead the CyberSecurity Recruitment & Leadership Advisory Practice for ZRG Partners, a global executive search and leadership advisory firm.

This is a cybersecurity content blog . . . There will be regularly referenced notable “people moves” and their potential impact on the broader cyber ecosystem. Moves such as Michael Fey recently being named President and COO of Symantec, via its acquisition of Blue Coat; Steve Surdu, who formerly led Mandiant’s Professional Services Group, joining Covington’s newly stood up Incident Response Team as senior cybersecurity adviser; and with great anticipation we look forward to the forthcoming announcement on the selection of our nation’s first Federal CISO (word is any day now).  

To be clear, however, this blog is not intended as an all-inclusive monthly who’s who; nor will it serve as a laundry list of latest breaking news. As blogger, I shall exercise my prerogative to discuss those topics that I find professionally meaningful and relevant. As reader, you will of course exert your right to agree, disagree or simply ignore altogether what I have to say. Hopefully, more often than not folks here will find my musings at least interesting and hopefully provocative. Importantly . . . It’s the dialogue we collectively engage in that counts. 

As a “get-to-know” primer on who I am, where I come from, and directionally where I’m heading in and around cybersecurity recruiting, I’ll refer to one of my early thought leadership pieces . . . I wrote A Call for a National Cyber Counterinsurgency two years ago. You’ll note that several of the ‘big picture’ line items I advocated for then . . . have since been addressed or are currently under review, including: CISA was signed in to law Wiki CISA; debate is currently ongoing on rolling out US Cyber Command as a stand-alone unified command USNI Senate Debate on US CyberCom; and US-Israeli cyber collaboration has recently been further strengthened and cemented DefenseNews US-Israeli Cyber Pact.

Last month, my team and I completed our months long study on the intrinsic force-multiplier qualities that top tier CISOs have in common. Herewith I present ZRG CyberSecurity’s study findings and accompanying report titled Unlocking the DNA of Successful CISOs:  What to Look For and What to Avoid. I’m pleased to note our report was published in its entirety in the June 10 edition of The Wall Street Journal - Risk & Compliance Journal How To Make A CISO.

I look forward to reporting on a range of headliner topics, including progress on The Administration’s Cybersecurity National Action Plan (CNAP), market trends around consolidation within the sector, notable M&A deals in and around cybersecurity (KKR backs Darktrace) and incremental progress addressing the stark information security threats to our National Grid.

Bottom line . . . It is essential that corporate leaders attack their information security challenges with a vigorous risk management/business unit leader mindset. This is where I operate.

I look forward to our reconnecting next time around.

Let’s keep at it . . .


The opinions expressed in this blog are those of S. A. Spagnuolo and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)