CISO Community Pulse on Talent Strategy

October 2023

In the midst of this year’s economic uncertainty and an ever-changing threat landscape, CISOs across Evanta communities are focused on managing risks to their organizations and securely implementing new technologies to drive growth and create efficiencies. The explosion of generative AI tools is a new opportunity and challenge for CISOs.

With this constant change, we wondered what it means for CISOs as they try to recruit and retain cybersecurity talent at their organizations. Here is what more than 350 security leaders told us about their organizations’ talent strategies now and in the future.

Are Skilled Roles Hard to Fill?

Half of the CISOs we surveyed say that the skilled roles in their organizations seem harder to fill than in years past. Thirty-seven percent of security leaders estimate it’s about the same as in past years, and only 13% say that it’s not more difficult to fill roles currently.

Is Recruiting a Challenge?

43% of CISOs say that recruiting skilled workers is very challenging – a higher percentage selecting that answer than any other C-suite role we surveyed. When you add 53% who say it is somewhat challenging, a whopping 96% of CISOs believe that recruiting is a challenge right now. Only 4% of security executives say that recruiting is not challenging at present.

Is Retention a Challenge?

CISOs are slightly less challenged by retention, with 63% reporting that retaining skilled workers is somewhat challenging, and 19% saying that it is very challenging. Eighteen percent believe that it is not challenging for their organization currently.

What’s Impacting the Strategy?

When asked about factors that could be impacting their ability to recruit workers, 31% of CISOs cite the need for specific skills, such as in cybersecurity. Twenty-eight percent attribute it to a lack of resources, and 22% say that workplace policies are a factor. 

In their open-ended comments, CISOs cited other factors impacting their recruiting strategies, including “salary requirements,” “inability to pay a high enough salary to attract and retain good workers,” and “increased competition for a limited talent pool.”

What Are the Focus Areas?

CISOs are focusing on multiple fronts to find and retain talent, with 21% saying their organization is upskilling or reskilling workers and 17% reporting that retaining key roles is important. Equal percentages of CISOs – 16% – are using quiet hiring or internal promotions and outsourcing or contract roles as part of their strategies. 

In the comments for “other” strategies, CISOs indicated that they were “offshoring or nearshoring,” as well as implementing an “intern-to-hire process” and “rotational/developmental assignments.”

Can They Upskill the Workforce?

64% of CISOs are either very confident or somewhat confident in their organizations’ ability to upskill and reskill workers. About a quarter of security executives – 27% – are neutral on how their organization will perform. Only 2% of CISOs say that their company does not have a strategy in place to upskill workers.

What Are Executives’ Forward-Looking Talent Strategies?

During the last several years of workplace disruption, we surveyed CISOs in our communities on all talent shifts, from The Great Resignation and Race for Talent to economic uncertainty and generative AI. Each phase has potentially changed the way security leaders strategize on recruitment and retention.

In our survey, we asked CISOs about their current talent strategies and whether or not their approach had changed over time. Here is a sample of their responses:

“Heightened career development to help retain existing skilled talent. Expand company visibility to attract highly skilled candidates. Work with local universities to help build new talent and expand the resource pool.”

“Hiring for potential; meaning, the candidate has the potential to fulfill the job requirements, but not necessarily the past experience to exactly match the open job requisition.”

“Although we are expanding our teams and actively recruiting, we are also considering appropriate cases for outsourcing. This should help off-load repetitive and level 1 & 2 work, allowing our employees to focus on level 3 tasks.”

“Continue to focus on retaining current, high-functioning staff and adapting to meet the needs that they have. Looking outside of the normal channels to find talent, and being flexible in work arrangements.”


If you are a CISO navigating the evolving talent landscape, apply to join an Evanta community or explore an opportunity to collaborate with your CISO peers.


Based on 360 responses to Evanta’s Community Pulse Survey, October 2023.

