We've recently posted about the role of HR in the cybersecurity hiring process. As Brendan puts it , HR's role is to mitigate risk from the hiring manager's unconscious (or not) bias and potentially inefficient hiring practices. Hooray! The other side of that bargain is that you must assess awkward issues in the hiring process. If you don't ask, you -- managers, HR, whoever -- are assuming that those issues are unimportant. You are making an ASS out of U and ME . There are two sets of asks: What productivity talent does this person have? and What propensity does this person have to engage in counterproductive work behavior or deviance? Let's tackle each in turn. Talent . We write extensively about cybersecurity talent. It specifically involves high performance in any of three main cybersecurity roles -- individual contributor, manager, leader/executive. We have developed with Conchie Associates a proprietary talent assessment for each of these roles.  Many asses...

“Ten years ago, did you expect to be in the job you hold today?” Well, did you? One of the greatest popular science books of the last 50 years is The Mismeasure of Man by Steven Jay Gould. Professor Gould was also famous for questioning the popular science hypothesis that evolution was linear. Gould didn't question whether  la evolución  was real. Instead at issue was whether evolution was a linear progression...or something that sprouted more like a bush: What's the difference? Our friend Barry Conchie puts it this way : "For most people, careers are not the result of long-term planning. They are the result of capability, opportunity, and circumstance interacting over time." The problem with a linear assumption regarding evolution or careers is that progress is some function of earlier investments that results in a later outcome, and so on. The unfortunate fundamental nature of evolution (and careers) though is that they don't always work out; they may dead-end;...

As the technology practice lead of Pythia Cyber , I try to stay away from the behavioral side of things except as a follower but today I am going to be a little out of my lane. Perhaps my behavioral science counterpart will have something to post in reply. But today I am going to make an exception: I am going to talk about some human behavior that I encounter on the technology side of things because this behavior illustrates a key concept of our philosophy. The behavior is the technology hiring equivalent of being famous for being famous. According to Professor Google, here is the origin of this catch phrase: Coined by historian Daniel J. Boorstin in his 1961 book, The Image: A Guide to Pseudo-events in America , defining a celebrity as "a person who is known for his well-knownness". The analogy to which I refer is being hired as a leader because you were hired as a leader. The key concept this illustrates is the faulty logic in relying on certifications or experience or both...

My workday was interrupted today by a planned visit from some electricians we have contracted with to upgrade our backup generator. "Mind if we test the circuit breaker panel labels?" they asked. I hesitated. In theory, our systems all have functioning, tested uninterruptible power supplies (USPs) and so flipping circuit breakers off and on should not have any noticeable effect. I should have given the OK immediately. Instead, I hesitated. I was reluctant to tempt fate. I imagined the pain of failure, a self-inflicted wound. Our office manager asked me if I wanted to shut down the network first but she was a bit thrown by my reluctance. In the end, I took a deep breath and explained that we are all set against power outage, so there should be no problem, so they should proceed. Not only do we have a separate UPS for each system, but each system is configured to shut itself down gracefully if the UPS's power levels drop. So, best case, no effect and worst case, graceful sh...

People seem surprised when I tell them that as part of our expansion plans Pythia Cyber wants to have recruiters as clients. There seems to be an assumption that recruiters and talent assessment don't mix. I can't imagine why this would be. Recruiters have a process and a product. In my experience the process is rather humanist and the product is the trust their clients have in them as a function of the track record they have with their clients. We see ourselves as completely compatible with that model. We don't get between the placement firms and their clients. In fact, we provide a straight fee-for-service to the search firm: we assess whichever candidates they choose, we deliver our high-level report and the firm can do with that whatever they like. We don't tell people who to hire, we tell people what the likely consequences would be if they hire the assessed candidates. In this case we enhance your picture of candidates with an assessment of their talents in the sp...

I have come to see the light: when hiring to fill positions I can see that HR has a valuable role to play and that role is to protect the organization, writ large, from the hiring manager's inexperience in hiring. Much as the hiring manager might know all about the domain into which they are hiring, the hiring manager is rarely an expert in hiring itself. The hiring manager is likely to be blind to questions of equal access and unconscious bias. The hiring manager might be great at detecting and nurturing talent but unaware of anything else, which is how you get technology groups whose members are all in the same demographic--all good at their jobs and good hires individually, but collective a lawsuit waiting to happen. HR is there to make sure that the hiring process does not run afoul of the large number of laws and regulations and policies governing hiring. This is a relatively recent development in my thinking. For most of my career in technology HR has been a hurdle to be gott...