How Marvel’s Avengers inspires Pinsent Masons CISO to adapt cybersecurity hiring | Popgen Tech

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose track of talent acquisition and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s UK CSO 30 Awards number one said he is taking inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and retain security talent.

“We have what some describe as a talent war, because you feel like you’re fighting with the next organization for the greater good. I think we’ve gotten a little lost, both from a delegate or prospective employee perspective. , but also from an employer’s perspective,” said Toon, speaking at the UK CSO 30 2022 Awards & Conference. The candidates are out there, he added, but you have to change traditional hiring practices because if you always do what you always do, you always get what you always have.

Don’t get hired, hire the Avengers

Toon tries not to hire and build a team that looks and only looks like him. “That doesn’t make it our best solution,” he said. Instead, he looks to the Marvel Avengers—a team of fictional superheroes brought together from different walks of life to help fight evil and save the world.

No, he’s not expecting Spider-Man to web the latest cyber attacker or Black Panther to beef up his patch management processes, but he’s looking to build both a diversity of skills and abilities on his own security team. “If you look at the Avengers, everyone is very different. They all have unique skills or abilities that they bring to the fight. That’s what a security team should be.”

You won’t find Captain Marvel sitting on LinkedIn

However, you won’t usually find Captain Marvel sitting on LinkedIn waiting to easily apply for her next vacancy, Toon said. “You have to be very different in that approach because the media hype around the cybersecurity skills shortage has prompted a proliferation of recruitment businesses and people trying to place those individuals, which means that your confidence can often be lost as a hiring manager in today’s marketplace. ”

Therefore, it’s about evaluating and adapting where and how you target your recruiting activities, Toon added. “Working with trusted, forward-thinking partners is the first step, but a close second is tapping into community groups that represent underrepresented groups. Hiring teams don’t know there are hundreds, and you’re just a Google search away. You also have to think outside of cybersecurity, there are so many sectors to consider where people will look to retrain.”

For example, if you’re looking for someone with good technology communication skills, you don’t need to find a good candidate in a technology environment because others are searching in the same pool. You can find them in other industries such as hospitality or retail, he argues. “It’s about looking at different opportunities to get work. Recently, we’ve found that employee advocacy is a big step forward because I think outreach from team members really helps a lot in targeting the next generation of our team.

Superheroes don’t all wear suits

It’s also important to think about your company’s culture and what it offers both new and existing security talent, Toon says. “In some ways, what employers are offering or being offered is probably not new [security] people want.” Long gone are the days of uniform rules that make people go through security when they have to wear a suit like they’re going to court just to sit in front of their laptop all day.

Where, when, and how people want to work is big in the decision process—9-to-5 is now almost dead in many industries. Data and cyber breaches alike cross borders and time zones, so what works for the employee needs to support the business. Dress codes, working hours, flexible hours, lifestyle discounts, and wellness and health care are all deciding factors in choosing an employer. “We also have a full ‘remote/hybrid’ offering. Some people want 100% remote, some employers want 100% presence in the office,” says Toon. “You have to know that you have to find your balance, but also recognize that the world has changed. Five days a week to do something on a computer that I can do at home? No chance. Businesses have to be clear to ‘why’—why are we going into the office?”

These changes can be difficult if the organization is steeped in history or has always done things a certain way, Toon admitted, and if you start making changes for one, you have to make changes for others. “So, there’s a knock-on effect to consider.”