Key Takeaways
- Six senior cybersecurity leaders from organizations including Atlassian, Xcel Energy, and Temple University participated in a week-long Reddit AMA focused on building diverse, high-performing security teams.
- The AMA explored hiring practices, team culture, inclusion strategies, and talent retention — areas increasingly critical as the global cybersecurity workforce gap surpasses 4 million unfilled roles.
- Participants emphasized that diversity is not just a values statement but a measurable performance driver in security operations and threat response.
- The CISO Series and r/cybersecurity collaboration continues to serve as one of the most accessible forums for real-world security leadership insight.
- Practical advice covered everything from recruiting non-traditional candidates to retaining top talent in a hyper-competitive hiring market.
What Happened: CISOs Open Up on Reddit
Some of the most experienced security executives in the industry have built diverse high-performing security teams from the ground up — and this week, they shared exactly how they did it. Running from March 15 to March 21, 2026, a high-profile Ask Me Anything session on Reddit’s r/cybersecurity community brought together six accomplished cybersecurity leaders to answer candid questions about hiring, organizational culture, inclusion, and talent management. The event was organized by CISO Series, a respected media network dedicated to cybersecurity leadership, and represents one of the most transparent public conversations about the human side of security to emerge in recent years.
The timing is no accident. With the global cybersecurity talent shortage showing no signs of easing — ISC2 research estimates more than 4 million unfilled cybersecurity positions worldwide — questions about how to attract, develop, and retain skilled security professionals have never been more urgent. This AMA gave practitioners, hiring managers, and aspiring security professionals a rare window into how top-tier CISOs actually think about building their teams.
Why Building Diverse High-Performing Security Teams Is a Strategic Imperative
Industry analysts note that the connection between workforce diversity and security effectiveness is no longer theoretical. Research from McKinsey and Gartner consistently shows that organizations with diverse leadership teams outperform their peers on innovation metrics — and in cybersecurity, where adversaries constantly evolve their tactics, cognitive diversity and varied lived experiences translate directly into stronger threat detection, more creative red-teaming, and more resilient incident response.
In practice, homogeneous security teams tend to develop blind spots. When every analyst approaches a problem from the same educational background or career trajectory, entire categories of social engineering attacks, insider threat vectors, and emerging fraud patterns can go underestimated. Security leaders who have built diverse high-performing security organizations understand this intuitively: the best teams are built not just from technical skill, but from a breadth of perspective that mirrors the complexity of the threat landscape they defend against.
According to a 2025 report by Cybersecurity Ventures, cybercrime is projected to cost the global economy $10.5 trillion annually by 2025, making the stakes for getting security team composition right extraordinarily high. Against that backdrop, the question of who sits in a security operations center — and what experiences they bring — is a strategic business decision, not just an HR consideration.
Meet the Security Leaders Behind the AMA
The CISO Series editorial team curated an impressive lineup of participants for this edition of the ongoing r/cybersecurity collaboration. Each brings a distinct vantage point on security leadership:
| Participant | Role | Organization | Area of Focus |
|---|---|---|---|
| Charles Blauner | Operating Partner | Crosspoint Capital | Security investment, executive leadership |
| Joshua Scott | CISO | Hydrolix | Security strategy, startup environments |
| David B. Cross | CISO | Atlassian | Enterprise security, identity and PKI |
| Shaun Marion | VP and CSO | Xcel Energy | Critical infrastructure security |
| Derek Fisher | Director, Cyber Defense and Information Assurance | Temple University | Academic cybersecurity programs |
| Caleb Sima | Builder | WhiteRabbit | Security tooling, entrepreneurship |
The diversity of the panel itself — spanning private equity, enterprise software, critical infrastructure, academia, and startups — reflects the breadth of environments in which modern security leaders operate. What this means for users and practitioners is that the advice offered spans multiple organizational contexts, not just Fortune 500 enterprise settings.
Hiring, Culture, and Talent: The Core Themes
Rethinking the Hiring Funnel
One of the most persistent challenges in cybersecurity talent acquisition is an over-reliance on traditional credential filtering. Many organizations still screen primarily for four-year computer science degrees and a checklist of certifications — a practice that systematically excludes talented candidates who entered the field through bootcamps, self-study, military service, or adjacent disciplines like law enforcement, psychology, or data analytics.
Security leaders who have successfully built diverse high-performing security teams tend to take a skills-first approach to screening. Rather than filtering by pedigree, they design hiring processes that surface demonstrated competencies: Can a candidate think adversarially? Do they communicate risk effectively to non-technical stakeholders? Can they stay calm and methodical under the pressure of an active incident? These qualities are not exclusive to any demographic or educational background.
Culture as a Retention Tool
Retention is arguably harder than recruitment in cybersecurity. With experienced professionals fielding multiple unsolicited offers per month and burnout rates running high — approximately 65% of cybersecurity professionals report experiencing significant stress or burnout, according to a 2024 ISACA workforce survey — culture has become a primary retention lever.
Leaders like those participating in this AMA have emphasized psychological safety as a foundational element of high-functioning security culture. In practice, this means creating environments where analysts feel empowered to escalate concerns without fear of blame, where mistakes during incident response are treated as learning opportunities rather than performance failures, and where junior team members are genuinely mentored rather than simply tasked.
Inclusion Beyond the Numbers
Diversity in hiring is only the first step. Inclusion — ensuring that diverse team members have genuine voice, visibility, and advancement opportunity — is where many organizations fall short. Security leaders note that representation in entry-level roles means little if promotion pipelines, high-visibility project assignments, and leadership development opportunities remain concentrated among a narrow demographic.
The Broader Cybersecurity Talent Crisis
The cybersecurity workforce gap is one of the defining challenges of the current technology era. ISC2’s most recent workforce study placed the global shortfall at 4.8 million professionals, a figure that has grown year over year despite increased investment in training programs and university curricula. The gap is not uniform — it is particularly acute in specialized areas like cloud security, operational technology security, and application security engineering.
This shortage has downstream consequences that extend well beyond HR departments. Understaffed security teams take longer to detect and contain breaches. The average cost of a data breach reached $4.88 million in 2024, according to IBM’s Cost of a Data Breach Report, with understaffing and skills gaps cited as significant cost amplifiers. Organizations that solve the talent problem — through smarter hiring, stronger culture, and genuine inclusion — gain a measurable competitive advantage in their security posture.
The CISO Series and r/cybersecurity partnership addresses this crisis by democratizing access to executive-level insight. Historically, the kind of candid leadership conversation that took place in this AMA would be confined to private boardrooms or expensive industry conferences. Making it available on a public forum like Reddit lowers the barrier for aspiring security professionals to learn from those who have already navigated the path. You can explore more on this topic at r/cybersecurity, one of the largest practitioner communities online.
What This Means for the Industry and Aspiring Security Professionals
For hiring managers and security leaders, events like this AMA serve as a real-time benchmark. Hearing how a CISO at a global enterprise like Atlassian approaches team building, or how a VP of security at a major utility like Xcel Energy thinks about talent in a critical infrastructure context, provides concrete reference points that can inform internal strategy.
For early-career professionals and career changers, the signal is equally important: the field is actively looking for people who think differently. The consistent message from leaders who have built diverse high-performing security organizations is that non-traditional backgrounds are not a liability — they are often an asset, particularly in roles that require understanding human behavior, communicating with business stakeholders, or thinking creatively about attacker motivations.
For the broader technology industry, this conversation is a reminder that cybersecurity is fundamentally a human discipline. The tools, frameworks, and technologies matter — but the people who wield them, the culture they operate in, and the diversity of thought they bring to the table are what ultimately determine whether an organization can defend itself against increasingly sophisticated threats.
How the Best Leaders Built Diverse High-Performing Security Organizations
Synthesizing the themes from this AMA and the broader body of security leadership research, several patterns emerge among executives who have consistently built diverse high-performing security teams across different organizational contexts.
First, they treat team building as an ongoing discipline rather than a periodic hiring exercise. The best security cultures are cultivated continuously through mentorship programs, internal mobility opportunities, and deliberate investment in professional development — not assembled reactively when a role opens up.
Second, they measure what matters. Vague commitments to diversity and inclusion tend to produce vague results. Leaders who make measurable progress track representation across levels — not just at entry points — and hold themselves accountable to specific targets for promotion rates, pay equity, and participation in high-visibility projects.
Third, they look beyond the security industry for talent. Some of the most effective security analysts come from backgrounds in fraud investigation, military intelligence, journalism, or behavioral science. Leaders who expand their recruiting aperture beyond traditional cybersecurity pipelines consistently report finding candidates who bring genuinely differentiated capabilities to their teams.
Explore more on building a cybersecurity career from scratch and our coverage of emerging CISO leadership trends in 2026 for additional context on how the security profession is evolving.
Recommended Cybersecurity Learning Resources
Whether you are an aspiring security professional or a team leader looking to upskill your staff, the right educational tools can make a significant difference. Below are some highly regarded resources in the cybersecurity training space.
As an Amazon Associate, I earn from qualifying purchases.
- Cybersecurity Certification Study Guides — Comprehensive prep materials for CISSP, CompTIA Security+, and other leading credentials.
- Ethical Hacking and Penetration Testing Books — Hands-on guides for developing offensive security skills used by red teams worldwide.
- Security Leadership and Team Management Books — Resources specifically for CISOs and security managers building and leading effective teams.
- Home Lab Networking and Security Kits — Hardware for building practice environments to develop real-world defensive security skills.
What to Watch Next in Cybersecurity Talent and Leadership
The conversation sparked by this AMA points toward several developments worth tracking in the months ahead. The cybersecurity workforce gap is not going to close through technology alone — it will require systemic changes in how the industry recruits, trains, and retains talent, and events like this one are part of that broader cultural shift.
Watch for increasing adoption of skills-based hiring frameworks across enterprise security organizations, as more CISOs publicly advocate for dropping degree requirements in favor of demonstrated competency assessments. Apprenticeship models and security-focused bootcamp partnerships are also gaining traction as organizations look to build pipelines rather than simply compete for the same limited pool of credentialed professionals.
The role of academic institutions — represented in this AMA by Temple University’s Derek Fisher — will also be critical to watch. University cybersecurity programs are under pressure to modernize curricula faster than traditional academic cycles allow, and partnerships between industry CISOs and academic programs may become a defining feature of how the next generation of security talent is developed.
Finally, keep an eye on how AI-assisted security tooling reshapes the skills landscape. As automation handles more routine threat detection and response tasks, the premium on human judgment, communication, and creative problem-solving — precisely the qualities that diverse teams tend to bring in abundance — is likely to increase rather than decrease. The leaders who understand this now are already building the security organizations of the future. You can also explore our analysis of how AI is changing cybersecurity team roles in 2026 for a deeper look at this trend.