Talent Acquisition & Upskilling: Acquisition

This is the second of four related articles. The others are here: one two three four.

Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets.

Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for short). In other words, we recognize that sometimes evolution is a better option than revolution and that what you need from us is not a way to revolutionize your cybersecurity program but rather help in building a TAU program that lets you evolve your cybersecurity program at a safe pace with lower risk of vulnerability during the transition.

Whether you want us to help with a revolution or an evolution you will find  a drive toward accuracy and fairness at the heart of our offerings. We are all human and so we make mistakes, take short-cuts required by limited time and fall prey to unconscious bias. This fact means that we often introduction inaccuracy and unfairness into our personnel decisions. Pythia Cyber can help you minimize these failings. How does a firm run by people avoid human failing? We do it by using trainable software that we train to be objective, even if we cannot be totally objective ourselves.

This post is about the first phase, the Find phase, talent acquisition. This phase is crucial, of course, but organizations rarely have the bandwidth to do it all themselves so it is common to have two major selection points ahead of the "real" interviews: someone to whittle down the flood of résumés into a manageable torrent and someone to do a helpful pre-interview interview to find the few worthy candidates. Then the real interviewing begins, bringing with it the challenge of trying to match up credentials and experience somewhere else with the requirements you have.

This common scenario has two really big problems: the people who aren't you are doing the whittling and the people who aren't you are doing the pre-interview. In the first case I have heard some heart-breaking short-cuts described in whittling down the résumés, nonsense such as "I simply reject résumés with an Objective at the top, I hate that" and "this résumés format is so 5 years ago." I struggle to imagine that this kind of value judgement is an effective way to assess technology talent. In the second case I fear the unconscious bias that we all carry around with us: are the people doing the pre-interview really that good at this job? How do you know what you don't know? Do you verify their work, or do you just assume that you aren't missing any golden nuggets and that you aren't interviewing too many duds?

What else can you do about the résumés? You can't spend the time to go through endless résumés, right? Right; instead, we propose that you use our AI which has been trained to match résumés with job descriptions as a first pass screen. This ensures a level of fairness and evenhandedness that is hard to achieve any other way. And the AI doesn't get tired after lunch, or bored, or behind in its work so it always gives any given résumé a fair shake. We often refer to this AI as "the screen" for short.

What else can you do about the pre-interviews? You can't spend the time to give each possible candidate an in-depth interview, can you? No, you can't, so we propose that you use our talent assessment to help see people clearly. We often refer to the  Pythia Cyber Cybersecurity Talent Stack as “the assessment" for short. The assessment comes in three varieties, depending on the role for which you are acquiring or retaining talent:

• The Pythia Cyber Cybersecurity Contributor Talent Stack (useful for general technology roles as well)
• The Pythia Cyber Cybersecurity Manager Talent Stack (specific to Cybersecurity)
• The Pythia Cyber Cybersecurity Executive Talent Stack (specific to Cybersecurity)

What the assessment does is give you the same basis for judging talent for each candidate. This adds to the data you have to support your decision, but it does not make the decision for you. You still have to decide which candidate best suits your needs. We like to say that we help you figure out what you would get from hiring each candidate and also what you would have to give. Some candidates are great in most respects but will require administrative support. Some candidates would be good choices to manage a team, but not to build a team. Some candidates would be great at building a team but not a good choice for the long-term, day-to-day management of a team. Which one do you hire? We don't know: that depends on what you need and what you can afford to give in the way of support.

We aren't going to tell you who to hire but we are going to help you be a fairer, clearer-eyed recruiter and better manager and better mentor when you shift to a talent-based culture. We can help. Ask us how.