One of the biggest security leadership game-changers I鈥檝e picked up in my career is that building and maintaining an elite team of tech pros goes far beyond a simple checklist of hiring requirements. It鈥檚 a purposeful, ongoing, dynamic process that requires strategy, adaptability, and a little bit (or sometimes a lot) of hacker intuition.
Whether you鈥檙e looking to hire well-rounded security experts, unlock new levels of growth and development on your current team, or beat burnout for good, this blog gives you cybersecurity leadership insights from my management experiences at the National Security Agency (NSA), NASA, and now 杏吧传媒 as the Director of Product Research.聽
Resumes, degrees, and certifications are an essential part of the hiring equation (of course), but it鈥檚 just as important to dig deeper into a candidate鈥檚 fit for the position. It鈥檚 how I get a sense for what really fires someone up about cybersecurity and what they can bring to the table at 杏吧传媒. My team鈥檚 product research only matters if security researchers know how to show its value, so I look for a well-rounded blend of hard and soft skills. Technical competence only goes so far without creativity, problem solving, humility, passion, and a flair for communication.聽
I love asking this question during interviews:
鈥淲hat media interaction, public speaking, blogs, or community education efforts are you most proud of delivering in your career?鈥澛
More often than not, this is where passionate candidates shine. For instance, once I was speaking to a highly qualified candidate, but at the beginning of our conversation, every response sounded prescriptive. I could hear in their voice that they were just going through the interview motions to explain their prior work accomplishments. But when I asked about a personal project they were promoting on LinkedIn, the passion emanated. This candidate spoke about their personal cybersecurity achievements with such conviction and sincerity, I was hooked on every word.
Resumes that go beyond professional experience to highlight personal projects鈥攍ike running Capture the Flag events, building open-source tools, presenting at conferences like local B-Sides, or maintaining a hacking blog鈥攖ell me more about a candidate than any certificate ever could.
Here's what鈥檚 helped me hire great security people:
Focus on technical creativity over academic credentials
Look for indicators of passion, like side projects or community engagement
Design interviews that give candidates space to showcase their strengths authentically. Sometimes, they just need a nudge to tell the story they鈥檙e most proud of.
My awesome team and I at a 杏吧传媒 event. From left to right: , Matt Kiely, , Jonathan Johnson, Truman KainRetention isn鈥檛 about throwing raises and promotions at people (though those are nice too!). At its core, it鈥檚 about creating an environment where employees feel seen, heard, and valued.
I make one-on-one meetings a priority and use them to ask meaningful questions like:
What鈥檚 your growth goal?
Where do you want to go from here?
How can I help you get there?
It鈥檚 not flashy, but taking the time to genuinely listen to your team is one of the most powerful retention strategies I鈥檝e learned over the years. People want to stay where they feel heard and appreciated. And as a manager, I鈥檓 very passionate about my responsibility to work with each team member to shape their own unique career paths. I coach and mentor people to take the work they鈥檝e done and present the value to the wider organization to achieve their growth goals.聽
Here鈥檚 a surprising twist I like to bring to the table: I work ahead of my team鈥檚 promotions. I don鈥檛 wait for them to bring me a bullet list of their accomplishments. I actively track their impact and prepare promotion packages with a system I鈥檝e developed before they even ask me. The gratitude I鈥檝e seen from this approach is overwhelming. If you鈥檙e a manager, I promise this is worth it.
Here's what鈥檚 helped me retain next-level security pros:
Make growth an ongoing conversation: Keep it top of mind for both you and your team
Celebrate their wins: Be their loudest champion across the business, straight up to the C-Suite
Make sure they see their own impact:聽Security pros are often so focused on wrecking hackers that they may not fully recognize the significant impact their work has on partners and customers. As a manager, it's a privilege to highlight to these incredible technical experts just how crucial their research and contributions are.
We all know burnout in cybersecurity is the real deal. The work is demanding, the stakes are high, and the threats are constant. It doesn鈥檛 always feel chill to hit the pause button, but it's essential.聽
As a manager, one of the best game plans I鈥檝e developed for burnout prevention is to follow through on boundaries and balance. Here鈥檚 an example: one of my employees was maxing out their PTO accrual instead of taking the breaks away from 鈥渢he office.鈥 We worked together to figure out an immediate fix: every Friday was scheduled for out-of-the-office until they鈥檇 used enough PTO to start accruing again. And over time, we set up systems to reduce stress around taking time off. Fast forward a year, and taking regular PTO is an accepted cornerstone of the culture on my team.
Show your team, by example, that recharging away from work isn鈥檛 optional, it鈥檚 necessary. For me, stepping away from work doesn鈥檛 come naturally because I love what I do and the people I work with. But this past year, I took up for the first time and posted about it on , in hopes of getting others to stretch themselves a bit, too. It reminds people that resting isn鈥檛 about slacking off, it鈥檚 how you continue to give it your all and be there for the team.聽
Here's how to handle the hustle without burnout:
Promote PTO: Don鈥檛 just remind your team about their time off. Help them make it work.
Be the example: Step away so your team knows it鈥檚 okay to do the same.
Bond with your crew: Check in with your team on non-work things too. Being human goes a long way.
Strengthening your cybersecurity team takes leadership effort on every front, from hiring the right people to supporting them in their growth to making sure they don鈥檛 burn out along the way. There鈥檚 no magic formula, but there are actionable steps, and it starts with minimizing friction and genuinely supporting your people with both heart and strategy.
Use these cybersecurity leadership insights and build your dream team, cheer them on like crazy, and keep showing up to do things smarter, not harder, for your team and the business.聽
And if you鈥檙e interested in joining the hunt, I encourage you to check out our open roles on our Careers page.
Get insider access to 杏吧传媒 tradecraft, killer events, and the freshest blog updates.
