Stephen Parsons, CEO of Irish cybersecurity start-up Viso discusses how he manages hiring talent in a notoriously short-staffed sector.
“Retaining people is the most important thing for me because if I lose them, it’s going to take such an effort to replace them,” says Stephen Parsons.
As the CEO and co-founder of Dublin-headquartered cybersecurity start-up Viso, Parsons is one of many, many employers trying to hire cybersecurity talent at the moment.
Much has been written over the past few years about the staffing shortage in the cybersecurity sector.
Last May, a report by Cyber Ireland and Cyber Skills found that Ireland could potentially grow its cybersecurity workforce to 17,000 by 2030.
But there was a big caveat attached to that prediction – and that was whether the country can generate a supply of suitably skilled people.
Parsons has read that report and he keeps up to date with the goings on in the tech industry hiring landscape. He has to in order to stay competitive.
Creative approach to hiring
He says that as a start-up, it is important that Viso is “creative” about hiring and that it has got to have a really good culture so that people don’t get fed up and move on.
Perhaps ironically, a large part of Viso’s business model is providing resources to SMEs who either cannot afford their own cybersecurity teams or cannot get staff because of the talent shortage.
“What we’re doing is effectively providing resources for people that can’t get people,” says Parsons. “So, we do it as a service for the small to medium business because they have no chance of getting people. If you’re a small business who has a couple of people in it, there’s no way you’re going to employ somebody in security because it will cost you too much. You just can’t afford it. And you don’t really need them full-time. You only need them part-time.”
“So that’s really the whole hole in the market that we’ve gone after,” he explains.
It has proven to be both an effective business model and a rewarding job for people working in cybersecurity.
Parsons says the start-up’s employees love that they get to work with “a variety of different organisations and different industries” and they’re also working on things that they might not experience if they were working in another type of role.
Still, Viso is finding it tough to find skilled workers for the roles it needs filling. Following a recent fundraise of €250,000, the company plans to hire 22 people over a three-year period.
Currently, Viso has 12 staff on its books, and it is actively trying to triple this number to support its continued growth in Ireland, the UK and other markets.
At the end of January, SiliconRepublic.com reported that the start-up had a team of 11, but it is continuing to add more hires.
The company was only founded in 2021. It has two offices in Dublin and all of its staff work according to a hybrid model of in-office and remote work.
Constant hiring process is an uphill battle
Its staff are based in countries all over the world, which means that Viso is “fishing from the same pool” as thousands of other companies that are clamouring to hire cybersecurity staff.
“It’s just a constant hiring process, to be honest – part of the day-to-day at this stage,” says Parsons.
Luckily, he has a pragmatic and good-humoured approach to the rather difficult task of recruiting new hires. It may not be a Sisyphean battle, but it is an uphill battle.
He says he is grateful for the efforts that the Government and groups like Cyber Ireland have been putting in to raising awareness around the need for an established pipeline of cybersecurity workers.
He mentions that Viso is already in contact with some of Dublin’s universities in order to take on graduates from their cybersecurity programmes. Many of the cybersecurity courses in Irish third-levels have only come on stream relatively recently. This is another sign, Parsons reckons, that Irish interest groups are waking up to the fact the country needs experienced workers.
When he was doing his studies in cybersecurity, he had to go to the UK. Now, that has changed. The challenge of hiring skilled people remains, however. It will take a few years before the pipeline of Irish graduates has enough experience to be of real value.
What about hiring outside of the regular graduate pool? Last year, we spoke to Conor O’Neill, the Irish founder of pen-testing company OnSecurity about the fact that he hires people from online hacker communities.
Parsons says that while he loves that some companies are thinking outside the box and hiring people from non-university backgrounds, that’s not really an option for Viso due to the nature of the work it does.
Pen-testing and providing CSO knowledge as a service are quite different in terms of what kind of people are needed. Parsons prefers instead to rely on a community network of people working in cybersecurity in Ireland that provide him with sound recommendations on people to hire.
“We’re a quality-based organisation; we don’t want to just throw in grads into our clients. They have to be backed with an expert who we know is going to do a good job.”
In terms of how Viso is structured, there are two analysts working with and learning from one security manager. The idea is that the security manager trains up the analysts who then progress on to become security managers.
“I’m not naive enough to think that our guys are going to stay with us forever,” Parsons says. “You know, we are building the CSOs of the future because there aren’t enough CSOs out there.”
While he does want to retain staff and fill the roles the company needs filled for it to expand, he is also conscious that people are going to want to move on and take up CSO positions in bigger companies.
Those big jobs still come up more often in the UK than in Ireland, Parsons says, but he wants his staff to have the confidence and the skillset to go for those opportunities if they can.
“We will shake their hands and say we’ve done a good job and hopefully they will recommend us to their friends and colleagues… It’s all about continuous development, especially in our field.”
As for the plan in the short-term? It’s still network-dependent and all about keeping an ear close to the ground with Ireland’s “very small” cybersecurity community.
“Up to now we’ve used our network really well. And that’s not only people we know, but it’s kind of second connections,” says Parsons.
“We use a good supplier and partner network who we tap up and say ‘Look, who is pretty good in this area?’ or start conversations that way, but that could be the long employment piece.
“I would also have two or three people I’m talking to on a regular basis for future (hires), so that when the time is right and they come available, we will snap them up.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.