Practical Applications of Talent, Part 1

At Pythia Cyber we are about behavioral cybersecurity and when it comes to predicting behavior, talent trumps credentials. By which we mean that your certifications tells us what you have done, but your talent profile tells us what you are capable of in the future.

Specifically, Ted has a series of posts about the talent profile of different cybersecurity roles, specifically

Talent needed to be front line cyber defender

Talent needed to manage cyber defenders

Talent needed to lead a cybersecurity program

As a counterpoint to Ted's behaviorial science perspective I present a series of my own, giving examples of practical applications of talent assessment to cybersecurity.

This post is about how a talent assessment can help you solve a common problem with retaining and compensating front line cybersecurity personnel: avoiding using promotion as a reward for performance.

Consider the case of the lower level cybersecurity worker, the technician, who is terrific at their job. You want to reward their excellence. You want to retain them. What should you do? All too often the only option you have is to promote them, because rank is rewarded more often than performance. What is the result of promoting a stellar cyber defender out of their specialty and into management? Unless you get lucky, the result is a mediocre manager. You pay them more, they are less valuable to the organization and both parties actually are worse off than before, except that the former stellar technician now gets paid a bit more to be worth a bit less.

You already know that compensation should be determined by performance, which should be defined in terms of value to the organization. You already know that promotions should be determined by fitness for the next role, which should be defined in terms of job requirements versus talent. But that is not how we usually structure our organizations.

This bad structure is a particular problem in cybersecurity because there isn't a very strong correlation between the talents needed to succeed at the lower levels and the talents needed to succeed in the middle level. Similarly, what makes a good middle manager does not make a good senior manager. Many of us pay lip service to "the typical career path" which is based on the principle of up or out, but that does not make this concept useful or sustainable. It just makes it common.

What can we do instead? We can use performance to place people in broader salary bands and we can use talent to place people in the hierarchy. We know we should, but without real data to back us up it is safer to do the conventional thing and conflate promotion and performance.

Are there polymaths who can climb this ladder and succeed at every level? Yes, there are, but they are rare and their existence does some real damage in perpetuating this practice. Are there dedicated individuals who, when put in positions which do not align with their talents, gut it out and slowly get better at tasks for which they are ill-suited? Oh, yes, there are; worse, after struggling to become a bit better, these people often convince themselves that they are great at their inappropriate job, which is how you create people who are not great at their jobs but are convinced that they are great. All that effort has to count for something, doesn't it?

These rare exceptions are not useful at the basis for policy. Why describe jobs in the lower end of the hierarchy as "dead end"? What is wrong with being a terrific cyber defender, especially in a field where the threats adapt and evolve at a shocking rate? Worse is the practice of firing expensive experience and hiring cheap enthusiasm; that is just a terrible trade-off in this field.

The conventional shortcuts just aren't good enough any more. Honor talent by putting people where they can do the most good. Develop talent because that is a good investment. Reward performance because that is also a good investment. Promote people to the level their talents can support because that is effective management. Assessing talent effectively and objectively is hard. We can help.