One of the biggest security leadership game-changers I’ve picked up in my career is that building and maintaining an elite team of tech pros goes far beyond a simple checklist of hiring requirements. It’s a purposeful, ongoing, dynamic process that requires strategy, adaptability, and a little bit (or sometimes a lot) of hacker intuition.
Whether you’re looking to hire well-rounded security experts, unlock new levels of growth and development on your current team, or beat burnout for good, this blog gives you cybersecurity leadership insights from my management experiences at the National Security Agency (NSA), NASA, and now Huntress as the Director of Product Research.
Hiring recommendations that go beyond resumes
Resumes, degrees, and certifications are an essential part of the hiring equation (of course), but it’s just as important to dig deeper into a candidate’s fit for the position. It’s how I get a sense for what really fires someone up about cybersecurity and what they can bring to the table at Huntress. My team’s product research only matters if security researchers know how to show its value, so I look for a well-rounded blend of hard and soft skills. Technical competence only goes so far without creativity, problem solving, humility, passion, and a flair for communication.
I love asking this question during interviews:
“What media interaction, public speaking, blogs, or community education efforts are you most proud of delivering in your career?”
More often than not, this is where passionate candidates shine. For instance, once I was speaking to a highly qualified candidate, but at the beginning of our conversation, every response sounded prescriptive. I could hear in their voice that they were just going through the interview motions to explain their prior work accomplishments. But when I asked about a personal project they were promoting on LinkedIn, the passion emanated. This candidate spoke about their personal cybersecurity achievements with such conviction and sincerity, I was hooked on every word.
Resumes that go beyond professional experience to highlight personal projects—like running Capture the Flag events, building open-source tools, presenting at conferences like local B-Sides, or maintaining a hacking blog—tell me more about a candidate than any certificate ever could.
Here's what’s helped me hire great security people:
-
Focus on technical creativity over academic credentials
-
Look for indicators of passion, like side projects or community engagement
-
Design interviews that give candidates space to showcase their strengths authentically. Sometimes, they just need a nudge to tell the story they’re most proud of.
My awesome team and I at a Huntress event. From left to right: Dave Kleinatland, Matt Kiely, Me, Jonathan Johnson, Truman KainRetention starts with listening
Retention isn’t about throwing raises and promotions at people (though those are nice too!). At its core, it’s about creating an environment where employees feel seen, heard, and valued.
I make one-on-one meetings a priority and use them to ask meaningful questions like:
-
What’s your growth goal?
-
Where do you want to go from here?
-
How can I help you get there?
It’s not flashy, but taking the time to genuinely listen to your team is one of the most powerful retention strategies I’ve learned over the years. People want to stay where they feel heard and appreciated. And as a manager, I’m very passionate about my responsibility to work with each team member to shape their own unique career paths. I coach and mentor people to take the work they’ve done and present the value to the wider organization to achieve their growth goals.
Here’s a surprising twist I like to bring to the table: I work ahead of my team’s promotions. I don’t wait for them to bring me a bullet list of their accomplishments. I actively track their impact and prepare promotion packages with a system I’ve developed before they even ask me. The gratitude I’ve seen from this approach is overwhelming. If you’re a manager, I promise this is worth it.
Here's what’s helped me retain next-level security pros:
-
Make growth an ongoing conversation: Keep it top of mind for both you and your team
-
Celebrate their wins: Be their loudest champion across the business, straight up to the C-Suite
-
Make sure they see their own impact: Security pros are often so focused on wrecking hackers that they may not fully recognize the significant impact their work has on partners and customers. As a manager, it's a privilege to highlight to these incredible technical experts just how crucial their research and contributions are.
Stay locked in without losing momentum
We all know burnout in cybersecurity is the real deal. The work is demanding, the stakes are high, and the threats are constant. It doesn’t always feel chill to hit the pause button, but it's essential.
As a manager, one of the best game plans I’ve developed for burnout prevention is to follow through on boundaries and balance. Here’s an example: one of my employees was maxing out their PTO accrual instead of taking the breaks away from “the office.” We worked together to figure out an immediate fix: every Friday was scheduled for out-of-the-office until they’d used enough PTO to start accruing again. And over time, we set up systems to reduce stress around taking time off. Fast forward a year, and taking regular PTO is an accepted cornerstone of the culture on my team.
Show your team, by example, that recharging away from work isn’t optional, it’s necessary. For me, stepping away from work doesn’t come naturally because I love what I do and the people I work with. But this past year, I took up skiing for the first time and posted about it on LinkedIn, in hopes of getting others to stretch themselves a bit, too. It reminds people that resting isn’t about slacking off, it’s how you continue to give it your all and be there for the team.
Here's how to handle the hustle without burnout:
-
Promote PTO: Don’t just remind your team about their time off. Help them make it work.
-
Be the example: Step away so your team knows it’s okay to do the same.
-
Bond with your crew: Check in with your team on non-work things too. Being human goes a long way.
Team growth is a journey
Strengthening your cybersecurity team takes leadership effort on every front, from hiring the right people to supporting them in their growth to making sure they don’t burn out along the way. There’s no magic formula, but there are actionable steps, and it starts with minimizing friction and genuinely supporting your people with both heart and strategy.
Use these cybersecurity leadership insights and build your dream team, cheer them on like crazy, and keep showing up to do things smarter, not harder, for your team and the business.
And if you’re interested in joining the hunt, I encourage you to check out our open roles on our Careers page.
