It’s a great time for contract recruitment in the security industry – both for employers and individual contractors.

With the cybersecurity staffing shortage still looming, many smaller organisations need to tap into cybersecurity on an efficient and flexible basis.

And the “Big Four” accountancy and consulting firms have slashed their consultant ranks on both sides of the pond – chiefly due to post-pandemic overhiring (where have we heard that before?). This leaves independent CISOs in an excellent position to mop up some of that work – and generally provide a more personal, individual service while they’re at it.

So let’s explore 11 circumstances where you might prefer to fill a CISO staffing need with a contractor, over hiring a full-time CISO.

11 Ways Contract Recruitment Benefits Cyber Security Employers

Contractors Can Be Useful in Times of Rapid Change

Having access to strong, effective leadership is essential when a department – or an organisation as a whole – is undergoing a great deal of change and turbulence.

CISO-level contractors are expert problem solvers; leaders who are generally used to walking into a messy, tumultuous environment with a mission to create calm and order.

When an organisation is taking its first faltering steps towards change in its security department, or maybe even building out its security function from square one, there may be a temptation to immediately seek out full-time staff. However, when you’re establishing new functions, it may not be a good idea to tie your organisation to full-time employees until you know they are definitely going to be needed on a full-time basis.

Contractors of any discipline or level of seniority can be useful in this regard as they give you the opportunity to “sense check” the feasibility of a role or a function and uncover any challenges before employing full time staff. This also provides the option of some level of handover between the freelancer and the employee to help the new hire get off to the best start.

Alternatively, companies sometimes find it useful to use the services of independent contractors in order to “get the house in order” or “keep things ticking over” while they look for a permanent CISO.

Contracting Creates Instant Growth of the Cybersecurity Capacity

Contractors of all stripes are essential when an increase in physical capacity needs to happen particularly quickly. It doesn’t always make good business sense to wait around for the slow-moving full-time hiring process to work its magic – especially in a sector and at a seniority level where talent is so scarce.

Contract recruitment can unlock fairly immediate access to even the most specific kinds of experience or intelligence, and often someone who has had a much richer variety of experience compared to employed CISOs…

Contracting Can Provide Access to Someone Who’s “Seen It All”

One of the major benefits of working with contractors is that they come with a huge variety of experience compared to even the most job-hop-happy employed CISO.

Contractors have typically worked within a variety of different companies on 6-18 month contracts, each with different ways of doing things, different company structures, and different stakeholder personalities in the mix. In short, they’ve fought more professional battles than any permanent member of staff would likely have done – and more varied ones too.

Minimal Onboarding, No Benefits, No Severance

This one’s a huge benefit for the hiring organisation – and a massive relief for the hiring manager! When a contractor comes on board, the organisation doesn’t necessarily need to onboard or train them to the same extent that they would a new internal member of staff.

The onus is largely on the contractor to familiarise themselves with the company’s culture, reporting lines, and relevant stakeholders. This is something that an experienced contractor will have done so frequently that it will likely come as second nature.

Also, because a contractor is essentially a freelancer, there are no expectations put on the organisation to provide employee benefits, position-relevant training, or severance packages. This approach can be refreshingly straightforward compared to the legal entanglements and responsibilities of full-time hiring, especially in the UK and Europe!

Contractors Can Act as a Trusted, Experienced Advisor

Two heads are always better than one! Though I have personally noticed a slight decline in the overall number of contracted CISO positions lately, I have seen an uptick in the ratio of CISO advisory type contractor positions (a role that still requires a full-fledged CISO skillset, might I add). This switch towards advisory roles hints at two rather positive possibilities.

The first is where an organisation’s need for a CISO doesn’t warrant a full-time hire, yet they still need someone to advise the board on security matters. This is a great opportunity for a fractional CISO.

Another possibility lies within organisations that already have a CISO who needs some extra advisory help, or even a temporary “deputy” of sorts. It happens sometimes – maybe there’s a lot to do, maybe there’s a massive transformational project going on, or maybe they just need more hands on deck to steer the security ship. Alternatively, there may simply be a lot of “business as usual” to deal with, perhaps a backlog of work after handling a security incident.

Contracted CISOs can be a truly valuable addition in all such instances.

It’s a Set Commitment With a Set Outcome – And Nothing More.

Many contract assignments involve the contractor joining an organisation with a set mission in mind, getting that job done within the agreed time frame, and (sometimes) parting ways once those objectives are complete.

Everyone knows that that’s the score, and neither party expects anything beyond that. Many contracts start as a six-month engagement, and sometimes renew if the contractor’s services continue to be needed, often on a rolling 6 to 18 month basis. In certain circumstances, though, the two parties may continue their professional relationship post-assignment.

Because the contractor’s mission and rates are so straightforward, it can also be easier to calculate the company’s return on investment from a contractor. You know exactly what you’re paying, and exactly what you’re getting in return.

You’re Not Taking a Chance on Potential – You’re Acting on a Proven Track Record

When you employ someone, especially when you’re hiring someone who is ascending to CISO level for the first time, you’re making a judgement on their previous performance and their future potential.

However, the contract recruitment approach is totally different. You’re contracting with an individual due to their actual, documented track record – what they’ve achieved before, why, and for whom. You can see in black and white that the contractor has done X, Y, and Z before, and how that translates to what needs to happen in your organisation. You’re not taking a chance on potential – potential is totally removed from the equation.

Contractors Are Useful During Both Feast and Famine

A lot of people think that contractors are only brought in when things are going well because they are seen as an expense. However, contractors can be useful regardless of a business’s current fortunes.

Let’s get the myth-busting out of the way first. Contractors are incredibly useful when times are tough for an organisation, and are often the ones on speed-dial when a company is on the brink to help them get out of a jam.

The straightforward-ness of contract recruitment is also beneficial when the chips are down. Contractors come on board for a set fee; they don’t require employee benefits or severance; and they often have enviably broad experience in navigating a business through choppy waters. Plus, when a business is down on its luck, it’s important to continue investment in the security function to protect from further misfortune.

On the other hand, security contractors can be a great investment when companies are cresting the wave of success. If the company’s fortunes have led to sudden growth, security is an essential ingredient to make sure that growth is secure. Or perhaps the company is using a new cash injection to embark on essential digital transformation projects where security frameworks need to be properly embedded.

All in all, contractors have a place wherever a business finds itself along the spectrum of success!

Contractors Can Provide Immediate Response to Unexpected Demand

Getting a contractor on the books can help organisations to immediately respond to unexpected spikes in demand. This can be a good spike, like a sudden opportunity falling in the company’s lap, or a bad spike like an unexpected security incident.

Part of what you pay for when you work with a contractor is their ability to hit the ground running. As mentioned before, consultants are used to wading into chaos on day one, so what may be a completely transformational event for the business, good or bad, might be just another day in the office for them!

The speed at which you can get a consultant on board makes them an enviable option when a situation seems to be progressing at break-neck speed!

Fast, High Quality, Temporary CISO Cover

It’s a stressful place, the C-Suite. Not least for the CISO, who often feels the weight of the company’s security fortunes on their shoulders. They are the ones whose team has to stave off constant attack from criminals, they are the ones who will be held to account if an attack hits, whilst also being the ones who will have to navigate the company back out of danger.

It’s no wonder that being a CISO is incredibly stressful and sometimes those stresses take their toll. But when the CISO succumbs to that stress, somebody needs to step in. Who’s going to take the reins?

Well, a contractor might be a good option. Not only can they hold the fort, but they might be able to bring a fresh perspective and strengthen the security function. And depending on how the employed CISO is able to/wishes to return to work, having that consultant on board for some extra temporary support may be truly beneficial to all involved.

No Permanent Hire Budget? No Problem!

Say you’ve run out of full-time hire funds, but you desperately need a certain type of butt in a certain type of seat. Contractors are a great solution to this particular conundrum, regardless of seniority or sector.

Most kinds of contractor will have a full-bodied variety of experience that they bring with them to an assignment, and all parties know they are only there on a set, temporary basis. If they end up justifying the need for a full-time hire in their place, you can disengage at the end of their contract with no hard feelings (or offer them the role if they are open to it!).

Why Choose an Independent Contractor

In mentioning the “Big Four” consultancies above, I feel the need to clarify why I think choosing an independent contractor is more beneficial to smaller businesses than working with larger, corporate “household names”.

Now I don’t think that these firms are unable to deliver on their promises, far from it. But I do think that the size and faceless-ness of these organisations can be an issue. For example, when they come to pitch for new business, they will generally try and wow their prospective client with one of their highly impressive consultants. However, as we’ve touched upon before, there’s no guarantee that the same individual who rocked up on pitch-day will ever see hide nor hair of that account ever again as there is actually a whole team dealing with that account.

However, when you invite independent contractors to pitch for that work, you are directly interfacing with the person you will be working with. You can better gauge how they will deliver and how well they will fit within the company culture. They aren’t hiding behind an account manager, and they are the only person accountable if they are unable to deliver.

This interpersonal relationship with the individual gives the employer closer control over the situation, in my view.

Contract Recruitment – In Conclusion

When you have a particular staffing need, choose a recruiter who is familiar with the rigours of the industry and is keen to solve your problem. Recruiters are here to help with any staffing need: full time, part time, and contract.

In fact, recruiters commonly have great relationships with independent contractors. We certainly do here at Bestman Solutions as we’ve placed many of the contractors on our roster a few times before!

Bestman Solutions have a proven track record within the industry of pairing highly skilled cybersecurity leadership professionals with companies in need of their services.

So whether you’re a hiring manager with a need for security leadership, or a security contractor looking to get stuck into your next new project, get in touch with the team at Bestman Solutions!
