In today’s rapidly evolving cybersecurity landscape, securing top-tier talent is just as critical as building cutting-edge technology. As cyber threats grow more sophisticated, so does the demand for skilled professionals who can help companies defend against them. But for many early and growth-stage cybersecurity founders, hiring the right people—especially outside their core technical expertise—can be one of the biggest challenges they face. To explore this topic, we sat down with Oliver Legg, co-founder of Aspiron Search, a recruitment firm solely focused on cybersecurity talent and a NightDragon NightScale Platform Partner. With nearly a decade of experience in placing go-to-market and technical security professionals, Oliver and his team have developed a deep understanding of what it takes to build high-performing security teams.
In our conversation, he shares insights on the unique challenges cyber founders encounter when hiring, where companies can look for talent beyond traditional pipelines, and the key to attracting and retaining the best people in the industry. Excerpts of the interview can be found here, or you can watch the full video interview above with NightDragon Partner Barbara Massa.
Give us a brief introduction of Aspiron Search and how your paths crossed with us here at NightDragon.
Aspiron is a solely focused cybersecurity recruitment business. We focus on both the go-to-market side for early and growth stage security vendors and on the enterprise and technical security side as well.
I wish I could say that I set out from school dedicated to a career in cybersecurity staffing, but I fell into it. Joe Cooper, my business partner, hired me as a fresh-faced graduate cybersecurity recruiter. That was nearly a decade ago. Then both Joe and I, when we got into security and started staffing for security roles, it was just clear that there was no need to ever look into a different area of recruitment not just because of how interesting it is but also because it’s an impactful industry, especially on the OT and ICS side. It’s such a cool kind of tangible risk that these companies are helping to protect. We are just very passionate about it.
You talked about this a little bit, but what brought you into the cyber world specifically? And what makes you so passionate about placing cyber talent, in particular?
There’s a couple of facets to it. First and foremost, cybersecurity is absolutely essential to the world that we live in today. There’s no business that is remotely safe from any form of cybersecurity breach… It’s also the people. Cybersecurity is one of these industries where, in the vast majority of cases, everyone wants to help each other. There’s such a strong community, whether it’s Slack channels, LinkedIn groups, or the conferences. It’s such a unique industry where there really is this community… Everyone is ultimately just fighting for the same line goal to secure the world that we live in today.
What do you think are some of the biggest challenges, challenges facing cyber founders today around getting the right talent into the roles on their team?
I’ll answer specifically from a view of fairly early-stage or mid-stage founder… Often the biggest challenge is these people are fantastic practitioners. They have often become a founder because they’ve been an exceptional security professional, but then they’re put in the position where they are a founder of a business, they’ve raised funding, and they’re now having to hire for so many different types of position across so many different domains… For example, a technical founder that is a first-time founder, they’ve never had exposure to the commercial sales or marketing side to the business, and now they need to go out and find, interview, hire, onboard, train and ramp a salesperson running an enterprise deal cycle. They might not have any exposure to that. That’s often one of the biggest challenges.
What are some suggestions and success areas that you and your firm have found for finding great candidates in unusual or different places?
There’s two very different answers on the vendor GTM side and then the enterprise practitioner side. On the vendor go-to-market side, there’s not that many places that you can look outside of the normal talent pool because they have to know how to run a complex deal cycle. They’re not going to know that if they haven’t worked in enterprise or mid-market level sales. To be successful and ramp quickly, they have to understand security [otherwise] they’re not going to understand the nuances of the buyers, the personalities of security buyers, or how to understand the risks associated with it…
On the cybersecurity practitioner side, there’s loads of places you can look… There’s so many different people that would make incredible security professionals with a bit of training. There’s very analytical people. There’s people that have worked in kind of other areas of policy or regulation that would transfer perfectly to GRC type positions. These are just a few examples.
One of our very first Cyber Bites podcast was with the now CISO of the UK Highways Agency. That was an episode very specifically on neurodiverse talent and how the security industry as a whole is completely missing out on an incredible talent pool of people that would’ve made great SOC analysts, great at threat detection, all of these positions that they just might not know how to interview for. I think the industry needs to do a generally better job at finding those people, but then actually supporting them to get the job because there’s a huge talent pool waiting there to be unlocked that probably isn’t going find its way into their industry without our help.
What’s one piece of advice you would have for founders today on building an amazing team?
Make sure you can sell your company and sell your opportunity… It’s being able to tell your story, being able to get your vision across to the very best people and being able to get that story filtered down the rest of the team as well. I think that all comes in by making sure everyone understands the vision, everyone understands the story, and everyone is mission driven towards the same thing. There’s a lot of unquantifiable benefit to that in every aspect of the company but especially attracting the best people.