EP 135: Cybersecurity industry’s current trends and challenges with Fayyaz Rajpari, Managing Partner at IntelliGuards.

Show Notes

Dive into the world of cybersecurity with host James Mackey and his guest Fayyaz Rajpari, Managing Partner at IntelliGuards. Discover the nuances of cybersecurity hiring trends in a recessionary economy, the impact of layoffs, and the evolving job market dynamics. Learn about the demand for cybersecurity solutions and the challenges faced by small businesses, in our latest podcast episode.

   0:39 Fayyaz Rajpari's background
   2:07 Cybersecurity hiring trends in a recessionary economy
   9:59 AI in cybersecurity and its potential impact
14:54 Cybersecurity services and demand in the market

Thank you to our sponsor, SecureVision, for making this show possible!

Our host James Mackey

Follow us:
https://www.linkedin.com/company/82436841/

#1 Rated Embedded Recruitment Firm on G2!
https://www.g2.com/products/securevision/reviews

Thanks for listening!

Chapters

• 0:42: Fayyaz Rajpari's background
• 2:10: Cybersecurity hiring trends in a recessionary economy
• 10:02: AI in cybersecurity and its potential impact
• 14:57: Cybersecurity services and demand in the market

Transcript

Speaker 1: 0:27

Hello, welcome to the Breakthrough hiring show. I'm your host. James Mackie Got a really great episode for you today. We were joined by Fiaz Roz Parry. Fiaz, thank you for joining me today. Thank you for having me. Yes, and before we jump into it, we're going to be talking about the hiring market and cybersecurity, but it would be great if you could share your background with everyone so they understand your point of impact, your perspective, where you're coming from.

Speaker 2: 0:50

Yeah, definitely yeah, I've been in the cybersecurity industry for quite some time about 23 years now. In the cyber industry I actually started out in the insurance and financial sector as basically a cybersecurity practitioner, a security engineer, an instant responder, and then got a chance to move into the OEM industry actually the ones that are building cyber products, got my hands involved in a lot of different roles. I'm very lucky and honored to have worked for large companies like Symantec and Mandiant. Fireeye went over to Optiv, did some stuff for the threat and the threat intelligence space that record a future, and then also Gigamon From a variety of large industry known companies in many different roles. It's been super exciting and always been a wild ride, and today I have my own company called IntelliGuard, so we provide cybersecurity services, manage detection, response, and we do tailored security operations and our build-ups.

Speaker 1: 1:45

Okay, cool. And are you primarily working with startups, SMBs, enterprise? What types of customers do you work with?

Speaker 2: 1:53

Yeah, really good question. The range of customers we have are pretty wide. We have smaller customers or SMBs, definitely like 15 employees, but then we have some larger customers up to 10,000 employees as well. So it's a pretty wide range, Okay cool, nice.

Speaker 1: 2:08

That's just good context for folks to have. Let's just start with the state of hiring. We're seeing a lot of rifts and layoffs. I want to dial in on this specifically in terms of cybersecurity. Of course, like in the greater tech economy, it's pretty brutal out there. We're seeing enterprise tech companies lay a lot of people off and that's trickling down all the way to startups. It's probably the most suppressed job market since the dot-com bubble. It's been a significant decline. A lot of people have been out of work for months. So I'm just curious is this trend from what you're seeing, continuing into cybersecurity? Is it just as bad? Is it maybe layoffs, but maybe not quite as bad, because cyber is just such like it's growing and I feel like there's always a shortage.

Speaker 1: 2:51

What's going on?

Speaker 2: 2:51

Yeah, it's funny from the outside lens, people think all cyber is so hot and it's just a really good place to get into, which is true, but yeah, the fact of the matter is it has bled over into the cyber industry as well and from my perspective, it's simply employer side as well. There's definitely a lot more due diligence in hiring and making sure that they have the right candidates. But then also, like you said, definitely there's been a ton of rifts, even the cybersecurity side of things, where I've seen a ton of really good, talented individuals. They get impacted and it's not that they weren't doing their jobs right or they weren't good or they weren't. It's just purely just looking at the business's bottom line right and to make cuts. And many times, unfortunately, you look at the ones that are paid the highest, and also with the guys that are paid the highest or gals that are paid the highest, they also are very experienced and know their stuff and they get impacted. So definitely have seen a lot of that.

Speaker 2: 3:45

As far as what you're saying trends and seeing this continue, I'm being optimistic. I feel like it's going to. I don't think it's going to continue. It probably will for a little bit longer and, considering the economy and the state of the situation on a global level. But I do feel when, from a hiring side to, I do see there's a lot of hiring back going on now, where the companies have let go of a good pool of talent and now they're like oh okay, we actually do, we need to fill some gaps again. So now there's some rehiring happening as well. That's good.

Speaker 1: 4:17

I don't think I'm seeing a ton of rehiring yet in the tech market. I am seeing more jobs, more job postings from startup scaleups, but it's still like very rocky in terms of all speak with leaders that are there still things like, okay, here's our hiring plan, and then the board wants to review it again and then budget gets pulled for the hiring plan. So there's a lot of stop go. You're right, yeah, and it's weird, it's like I'm having, because my company it's contract recruiting, embedded recruiting, an RPO. We work with a lot of tech companies, not exclusively, yeah, a lot of tech companies and well, even in hot sectors, whether it's cybersecurity or healthcare, what we're gonna? We put together a proposal. They give us their hiring plan and we put together, okay, this number of resources, it's gonna take a number of hours. Like we put together these roast bus plans because they have budget approval, yeah, and we get all the way to the finish lines hold up, the board wants to review, we're gonna, we're gonna hold off on another quarter. So I have it's interesting with these exact like CPOs and VP's, italian and CEOs. It's almost like these record like recurring touch base Conversations where they're like, yeah, we're gonna be ready to move and then everybody's stalling out because Everybody's looking for momentum and indicators that things are starting to improve.

Speaker 1: 5:31

So at this point in Q4, I feel like the hiring market Quite honestly, it feels more suppressed even than Q3 and Q3 usually is worse. Now this is from the perspective of me selling RPO and embedded services. So I am seeing more job postings, but I'm not necessarily seeing an increase in demand, which does not necessarily mean that maybe more jobs are opening. But I also think that there's like jobs posting but people aren't there. It's like more of this pipeline building motion where they're not actually Pushing hard to make the hires. And unfortunately I don't necessarily trust aggregate data out there to tell me how the job employment market is doing in the tech industry, because there's a lot of things that are filtered into tech that are not necessarily these software Companies that we refer to when we talk about tag services. So I don't know. It's interesting, I haven't seen a rebound happen as of yet. I think Q4 is basically gonna be a wash. I don't see things getting particularly better.

Speaker 1: 6:30

Yeah hopefully if you want to Q2, it's gonna be better, but I don't think it's gonna happen fast yeah.

Speaker 2: 6:34

Yeah, speaking from a statistical perspective, I was just looking at some numbers. I think it's cyber seek, I don't know if you've seen that, but it's. They put together a ton of good data on cyber seek where they look at and I think it goes back actually 10 years or higher just Historical data trends are on employment in the cyber industry all the way up to current, and I was actually looking at the numbers and it's interesting actually see into your point. Right, if you look at the number of vacant positions and I'm not hanging globally because there's all these grandiose numbers globally, would there's the latest number I saw was 3.5 million Vacant jobs right, but that's globally and there's always.

Speaker 2: 7:12

Like we said, it's hard to gauge that and the accuracy of it and which ones are really there, which ones are not.

Speaker 2: 7:17

But in the US market to, if you even just do a quick comparison of, like current 2023 to 2022, I think the numbers are something like 2022 780, some thousand jobs were vacant. Versus this year it's gone down by almost a couple hundred thousand, like this, 500 and some thousand that are vacant. Right, it's still a lot right in the US. So there's a lot of vacant jobs out there, but that just shows the tenacity of the actual ones that were they're not vacant anymore, right, for various different reasons, whether it was just they're just not there, or folks were get let go, or structure restructures happen to your point where, you know, even on the hiring side it's and I'm seeing some of that too where it says there's these open positions, but but there it's got the hurry up and wait, yeah, we have things, and then it is slow, so crawl. And then at the 11th hour, oh, hang on, we're not ready yet. Or they just completely go radio silent, right, I do see some of that too.

Speaker 1: 8:17

Yeah, do you have any insights on, maybe, which roles have been easier for cybersecurity companies to fill and which ones they're still? They're such a shortage in terms of a skill gap that the roles are still very much so in demand and maybe there isn't quite as big of a talent pool. I would just like to hear a little bit more about what easier and what's so hard that sounds like a good question.

Speaker 2: 8:37

I feel that the ones that suffer more honestly and this might be a different answer than you would typically get but if you look at the leadership roles, what I've been seeing a ton of is a lot of the senior leaders are also getting impacted in the industry right now.

Speaker 2: 8:54

And then if you look at the amount of leadership roles that are out there, they're usually less Typically, a lot of the companies talk about startups right, when they're scaling, they want someone that can do it all.

Speaker 2: 9:07

They want the individual contributor that can get their hands dirty, get in there, do stuff, actually execute, but then also have some leadership qualities and traits so that actually they can grow and push forward. But then if you look at the leader that's been in the industry for 20 years I'm not saying that they haven't done it before but they're not looking for that execution type of role. They're looking for more of a leader role or a mentor or a guide or that type of role. So what ends up happening is that there is a huge pool of these candidates that are out there, and then there's just a few positions that are out there that are VP or C levels, and then now you've got hundreds and hundreds of candidates going for that one job. I've seen that a lot too, versus with the analyst role and the engineer role. That goes with the roles. There's many out there and there's also many candidates out there, but at least the ratios are not so stretched Right.

Speaker 1: 10:01

Yeah, that makes a lot of sense. And so, when it also comes to just to zoom out too, which I think is applicable to the hiring market over the next five years, I'm curious to get your thoughts too on just how cybersecurity industry is going to be evolving Like when you think about growing your own business. Which kind of companies and solutions do you feel are going to be growing the most, and do you have any thoughts there? Yeah, definitely.

Speaker 2: 10:23

It comes with a buzzword that we're all aware of. Right, it's AI, and it's more so a generative AI, which completely, just almost seems like it just came overnight. Right, with open AI and chat, gpt and everything else. It's basically the applicability to it is across all industries, and that also includes cybersecurity very much.

Speaker 2: 10:43

So there's a ton of these companies that are coming out and, of course, it's hard to pick which ones are going to be super successful, and it takes a lot for a company to be super successful. It's not just about the tech, but it's about a lot of other things around to go to market strategy, about their branding, about their presence, about the type of people they have, their founders, their business model. There's so many other aspects of the company to be successful than just having awesome, good AI. Right Like that's not the case right Integrations and how they work in the environment, their use cases, so on and so forth. But, in a nutshell, I do feel that's going to be the thing. It just depends on which ones will be the ones that are going to be successful and actually be impactful for customers.

Speaker 1: 11:26

Do you think AI could be most effective in cybersecurity solutions? In a tech stack or ecosystem? Where do you think we're going to see the most disruption?

Speaker 2: 11:33

Yeah, from that perspective, I would say I'm going to take a step back and think about it from the bad guy perspective, right? So if you think about it from the bad guy perspective, there's actually believe it or not and put them out there. There's a few of them that I've been looking at, like fraud, gpt and worm GPT. There's actually GPT-like applications that the bad guys are actually built and used to actually target their videos and their automated platforms actually create this awesome, really nicely tailored and crafted Fishing emails where they look so legitimate that even I could be fooled. So it's that's how hard it's become to actually identify Some maliciousness happening. Yeah, so, on that same vein, that's where it's going to go. Is it's basically turning into, rather than human versus humans, good versus bad, cops and robbers, whatever you want to say, right? It's the same thing in cyber, where it almost it. From my perspective, it just it would be.

Speaker 2: 12:34

I would think that it's that's where it's going, right, it's basically bot versus bot. Now it's all these bad things that are happening, automated in a generative AI form. And then how do we build these systems where it's basically these generative AI systems are fighting these Other and it's just they're fighting each other and then the analyst is there on the end and the end user asking questions, but the botcher responding back with really good answers, and many times it's funny because these answers what's the word that I use it was it's confidently wrong, right. So when these answers come back, meaning that they're so confident and that's, that is the answer, but many times it's not. It's actually very wrong. So we have to be very aware of that. To the hey, is this bot actually giving you the right answer or not? So it's tricky.

Speaker 1: 13:22

Yeah, that is tricky. That's something I've heard about with chat GPT as well. It's a lot of the times it can save you a lot of time and it is Accurate, or at least a good starting point, but sometimes it will be completely wrong. Right? So your company, it's a services company, right?

Speaker 2: 13:37

Yeah, yeah, it's funny because, like my background is actually in so past, you know three roles. I was in product and actually building cyber products, but then also I've done a lot of practitioner type of stuff and actually done Security services and incident response and so I've got a background of kind of both where it just sometimes opportunities come your way and it's and you just have to push forward and capitalize on there. For me, yeah, right now we are, but I do the tinker and product and build products. So we've got some scum for projects going on as well on extra product.

Speaker 2: 14:09

But at the point at this time it's purely just how do you do security operations and how do you do it in a way where it's meaningful, impactful and quick. Right in my world, at least from a security operations perspective, time is very critical. As many other industry, time is so important. Right, you have to be impactful and it's be quick in your decisions to making sure that you're doing you're taking the right actions and keeping the adversaries out right. And so that's what our deal is that we want to be able to and we do a lot of projects type of work as well and Help organizations actually do whether a staff augmentation on cyber, the right cyber people, or our project work where we're providing them some good security operations, guys with that intelligence, guys with that hunters, to really keep the organizations safe right.

Speaker 1: 14:58

My question really is around like, from the perspective of cybersecurity companies engaging with service providers, vendors like we're seeing some shifts right, where the market is seems to be so unstable or is so suppressed that you could argue it makes sense for companies to leverage more so outside vendors that are flexible, that they can scale up or down. So, on services side, right Services but to counterbalance that, I'm curious how you think AI might impact a vendor ecosystem. From the perspective of your company, do you see your service offering? It's like a cybersecurity services company? Do you see your solution changing? Are there any kind of tools that you're going to be implementing into your tech stack to service customers? Because that's something that I think about too, and I think a lot of leaders tuning in that might be leveraging whether it's like a company like mine for recruiting or yours for cybersecurity. I'm wondering how much their thought process in terms of how they're going to leverage companies like ours is going to be changing over the next few years. Yeah, yeah, there is a lot of that.

Speaker 2: 15:59

And pretty much hit on the head, right when you're in like a services-based business. It's a combination of people, processes, tech right. You need all three of them to be able to be very successful. And, yes, you definitely need good people and good talent, right. But without the processes and technology, then you just won't be good. Or if you have this tech and if you have a lot of people, then you won't be as good, like you have to have a combination of all of them, right.

Speaker 2: 16:23

So with that set, definitely we have processes in place and we've been able to have playbooks to be able to operate efficiently. But then, in addition to that, we have a research arm where we just specifically research the next up and coming wave of cyber Like what products are really out there that most customers are probably not even aware of, that are doing something interesting, game changing, and they're probably not going to be in the industry analyst reports that are pushed out by Forrester and Gartner and IDC just because they're so new. But that's something that I have a knack for. Just being in the industry for so long, I like to actually do some research on that side and understand what's really out there. So we typically partner.

Speaker 2: 17:01

We've got like a handful maybe five to eight companies that we feel really strongly about. That we've actually embedded within our own systems and we'll utilize and then we can actually we'll partner with them and actually, whether the company is interested in buying something like that to enable themselves, or if they can't like usually the SMBs in the mid market accounts, many times they just would love to but they just don't have the whether it's the resource, the capacity or the funding to be able to take that on themselves We'll say, okay, you know what, we're going to do it for you, but we're going to use some really good, awesome enabling tech to just give you a good experience.

Speaker 1: 17:38

Nice. So yeah, that's awesome. My last question would just be, because I know you're working with a range of customers. Just given where you are in the current market, where are you seeing the most demand right now? Do you see any? Is it so AI like, maybe that like AI providers, or are you seeing more like more demand from enterprise, mid market, smb right now? Yeah, good question.

Speaker 2: 17:59

James, I feel like the demand really does go down into the downstream markets where they may not even know, but they're in and they don't even know where to go, or they don't even know where to look, or they just feel they can't afford it. Just because they're just somewhat smaller and a lot of the bigger guys in the cyber industry, they just go and give them the time of day just because cyber security can become very expensive and it's just, and you got to look at the cost to benefit or look at the ROI and understand, hey, is it really worth spending a million dollars or say $500,000, whatever the number, that amount is right on this one thing for cyber security? And who's going to come after us? Where's this? A small shop of 50 employees and we're not worth that much.

Speaker 2: 18:48

So then the conversation goes into how much is cyber security worth to?

Speaker 2: 18:53

And many times it takes a breach or some confidential records getting exposed or customer information getting exposed. Or even many times there's smaller startups like they just have intellectual property, right, that could be worth a lot, like their blueprints of, like their patents or things that are important, but by the cyber adversary patents and everything goes out the window. They don't really care right, they're going to, especially if it's in a different country. They're still going to take that information and use it and copy it and make their own products and monetize on it. And then now, what is that worth to them? So many times what ends up happening is that after they get reached and they find that, oh crap, I just lost $2 million in business because this other company got started in another country and now I have to go through lawsuits and that's taking two, three more years before I could even regain that money back, and now it matters. So there is a lot of that happens, which is unfortunate, but it all depends on how you measure that risk versus the reward type of thing.

Speaker 1: 20:01

Got you. That's really interesting. I'm excited to learn more and see how things are going to be evolving in cyber security as well as just in the general employment market and the direction of how things are going to be disrupted with AI. So it's definitely really exciting time from a hiring standpoint, employment market perspective on a macro basis, to see how things are going to be shifting over the next few years. But, to be honest, we're coming up on time here. So I just wanted to say thank you so much for joining me today. It's been a lot of fun and, yeah, definitely we really appreciate you sharing your insight. Thank you very much. Thanks for having me, james. Yeah, of course, and for everybody tuning in. Thank you for joining us and we'll see you next time. Take care.