Practical Applications of Talent, Part 3

At Pythia Cyber we are about behavioral cybersecurity and when it comes to predicting behavior, talent trumps credentials. By which we mean that your certifications tells us what you have done, but your talent profile tells us what you are capable of in the future.

Specifically, Ted has a series of posts about the talent profile of different cybersecurity roles, specifically

Talent needed to be front line cyber defender

Talent needed to manage cyber defenders

Talent needed to lead a cybersecurity program

As a counterpoint to Ted's behavioral science perspective I present a series of my own, giving examples of practical applications of talent assessment to cybersecurity.

This post is about how a talent assessment can help you with a high risk, high reward hire: your head of cybersecurity.

As we have talked about in previous posts (here and here) there is not much merit to the traditional career path in cybersecurity: hired as a front line cybersecurity defender, promoted to manager, promoted to executive. The problem with this model is that the basic premise does not hold in cybersecurity: the skill sets needed to succeed at each of these rungs of the career ladder are not the same. You cannot assume that if you do a good job at one rung that your diligence and experience will serve you well at the next rung. This is a big part of why so many people bitterly endorse the Peter Principle.

The Peter Principle, a 1969 book by Laurence J. Peter and Raymond Hull, introduces the concept that in a hierarchy, employees are promoted to their level of incompetence, where they remain because they are no longer good enough to be promoted further. The book humorously explains why incompetence is so prevalent in organizations, arguing that people are promoted based on success in their current role, not their potential for the next, leading to a system where work is ultimately done by those who haven't yet reached their final, incompetent position.

If you use promotion as a way to reward performance you end up promoting excellent people until they are in a position for which they are no longer an excellent fit. Use compensation to reward performance. Use talent to determine rank. Let your excellent individual contributors remain excellent individual contributors if they don't have the talent (or desire) to be managers. Let your marvelous managers remain marvelous managers if they don't have the talent (or desire) to be executives. Give them raises, but don't give them raises disguised as promotions. Unless you want to live the nightmare described by the Peter Principle.

How do you avoid this nightmare? By making your hiring and promotion process talent-aware. At Pythia Cyber, we don't tell you who to hire; instead we tell you what talents you are hiring or promoting and leave you to exercise your judgement about how that talent profile will fit into your organization's various roles. Does competence matter? Of course it does, but once you screen candidates to ensure that they are all minimally competent then competence becomes a much less useful metric.

The need to determine competence and then judge talent is present in every cybersecurity hire, but the stakes are higher when you are hiring the boss. The consequences of a bad hire can be enormous. Reducing the risk of failure in this role is therefore a primary consideration but never lose sight of the need to succeed. Avoiding disaster is a requirement, but ignoring success is not the best way to do that.

Without a talent assessment you will struggle to make these judgments, because in the real world very little is cut-and-dried. Your options are rarely a terrific executive with great experience and a terrible manager with no experience. Your options are often an experienced, talented manager who isn't very gifted in the executive sphere versus a gifted executive who is has insufficient relevant experience. Who do you choose? Do you let these imperfect birds escape your hands and hope that the future brings better options? Or do you figure out what talent deficits you can support and what levels of ignorance you can cure and take the best available option?

Making real-world hiring and promoting decisions is hard. Balancing competence and talent is hard. The work history can help you with the assessing competence and we can help you with assessing talent. Make better decisions with greater confidence. Add talent data to your decision-making process.