• United States



CSO contributor

How security leaders can effectively manage Gen Z staff

Mar 01, 20237 mins
CSO and CISOStaff Management

To attract and retain Gen Z professionals CISOs must know what this generation values and their strengths to be an effective part of cybersecurity teams.

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations.

Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves. The first iPhone, for example, was launched in January 2007 with its successor coming out in June 2008, creating what would become an almost yearly update that made thousands of people line up in front of Apple stores across the world on release day. During the period, the internet went from a somewhat new thing to something people used daily, further increased by the easy access brought by smartphones.

There is only a small portion of Gen Z that is already in the specialized workforce, therefore hard data to quantify it is scarce. ISACA recently surveyed just over 1,900 security professionals and found in these numbers less than a handful of respondents from Gen Z.

What Gen Z expects from employers

Researchers and those who have worked with Gen Z seem to agree on several points: This generation saw parents and grandparents struggle through recessions, they have been raised in a connected world, and they lived through a global pandemic when some were reaching adulthood.

Growing up with much easier access to the internet and technologies, this generation tends to find it easier to understand tech and its applications. When it comes to finding work, Gen Z also knows what it is looking for. “I found Gen Z look for employment opportunities that agree with their ethos and they may compromise on financial benefits in doing so. They value flexibility and work fitting around life rather than the other way around,” says Sameera Bandara, who is head of IT at gold mining company St Barbara and has a career working in cybersecurity, having employed people from various generations.

This connection to their ethos also means they are more likely to create something new rather than accept a situation that isn’t ideal for them. They do value flexibility, as Bandara points out, and are less likely to become a slave to their job like previous generations who would not naturally question silent expectations some employers may have, such as that they constantly work late.

At the same time, Gen Z wants autonomy and believes that should come as a reward based on performance. “I have found there is a stark contrast between how Gen X and Gen Z approach working hours. In a team where I had both generations employed, I found the Gen X employee was more regimented about the hours worked whereas the Gen Z employee was focused on productivity and performance rather than hours worked,” says Bandara.

Other characteristics Bandara noticed while working with Gen Z is their clear focus on working for companies that aligns with their values and, from a managerial perspective, they prefer a less hierarchical and more personal relationship with their managers.

How employers perceive Gen Z

Another point that the people I spoke to seem to agree on is that this generation needs to know the “why” before getting any job done. It is almost as if they need to be convinced as opposed to others who may simply just get on with the job.

Despite the challenge this may pose, there are often positives to take from them as well. Bandara says one of his biggest challenges is the tendency Gen Z has to communicate electronically, even when sitting right across from the team. “Given that a lot of communication can be misinterpreted without other cues this was a challenge in building a tight knit team.” On the other hand, this was compensated with a strong capability to build a relationship with someone that they’ve never met entirely using electronic media, says Bandara.

One of the biggest lessons Bandara took from working with this generation is that, rightly managed, highly dispersed yet tight-knit teams can be successfully built using only electronic communications.

Other employers of Gen Z in a broader spectrum, have noticed they are hungry for knowledge, but this can be perceived as impatience at times as once they believe they have learned and executed a task successfully they want to move on to the next challenge.

Gen Z is also good at communicating their expectations clearly and asking for feedback, says Biljana Cerin, CEO of Ostendo Consulting. They can also be easy to manage when it comes to following policies and procedures once they understand the importance and the reasoning behind these, she says.

Strategies for CISOs to retain Gen Z

Now that you have an idea of what to expect from Gen Z employees you can work with other professionals in the organization—such as area managers and human resources—to help establish where this generation of professionals may fit within your teams and how to work with them without alienating others.

Actively focus on shared values

As mentioned above, Gen Z will look for jobs in organizations that share their values. Gen Z is likely to remind their superiors of such values if they find themselves being asked to do something that goes against such. Be ready for situations like this and make sure the company’s values isn’t just a marketing creation. Another way to look at this is to proactively go after individuals whose values resonate with the company’s.

Be open minded to alternative working styles

All working generations have experienced pros and cons of work from home, the office or a mix of both. This is unlikely to be a Gen Z-only preference, but younger generations may be more prone to think, “Why do I need to go to a specific location to do a job I can perform from anywhere?”

Gartner’s recent human resources research—not only focused on tech workers—found the rise in hybrid work has meant that many new-to-the-workforce employees have had few in-person opportunities to observe norms and determine what is appropriate or effective within their organizations. The solution posed by the research firm is not to force a return to the office but build intentional connections among employees.

Have an open mind. Many Gen Z entered the workforce during the pandemic, which shaped their perceptions of what to expect. Older generations knew the before and adjusted back to the office quickly but the same can’t be expected of the younger generations.

Help Gen-Z grow

The two aspects here are peer training and paid training. Gen Z is eager to learn but also to move forward, now even though this may not be effective to all roles it can be a positive in cybersecurity where attackers and attacks are always evolving fast.

Share knowledge with them and put them to work with others willing to do the same. Be open to offer and accept requests for paid training, as this will keep them motivated at the same time as they feel valued.

Every generation is different but generational characteristics should not be a CISO or any manager’s only knowledge base. It is important to know that every person is different and likely requires a different type of management. Not all Gen Z employees will prefer to work from home or communicate only electronically, and the same applies to the previous generations who worked for most or a large portion of their work life from the office, as they may have found that they work better from home.

CSO contributor

Maril Vernon, known as the “One Woman Purple Team',' is an ethical hacker, co-founder and host of The Cyber Queens Podcast, senior offensive security engineer and proven program manager and pioneer in the purple teaming space — a niche in offensive security testing that has recently gained popularity demonstrating cyber resilience in the cyber threat landscape. Maril has built and tested purple teaming operations across multiple industries, from start-ups to FAANG-sized, most recently for Zoom Video Communications as a member of the dedicated red team. Maril’s expertise on red team best practices was recently featured on CSO Online and at the Red Team Roundup hosted by the Wild West Hackin’ Fest. Her knowledge and skill pioneering purple team operations has been featured on numerous webinars with the Plextrac CEO and Scythe CTO and at the subsequent Purple Team Roundup by WWHF. She has also been named one of the ‘Epic Women in Cyber’ and has interviews published with NIST and The Hacker Factory and is a contributing editor of the latest MITRE ATT&CKv11 Enterprise Matrix for Linux TTPs. Maril's passion for closing the gender gap in cyber is highlighted in her affiliations with The Cyber Guild, The Diana Initiative, BBWIC, and WiCyS.

More from this author