Cyber security skills for high tech companies

so without uh further ado i would uh introduce uh rajvir sandhu uh i hope i spelled your name correctly rashvi uh we're gonna hand over to him he will be our host for next hour he will introduce the topic the the panel and we're gonna have questions from the attendees you can write your questions here in zoom um or again if you are in in youtube you can write your questions in in slack if you are there and what we're gonna do now i'm just gonna promote all of you folks to the panelists role and that should be it

okay can you hear me raj i can hear you now david can you hear me absolutely great um unfortunately sorry unfortunately i'm not allowed to start my video okay give me one second yeah let's give a second as i said we have some a little bit of technical issues but i should be able to um to allow you to do that um sure what it is now okay let me double check if there is a way to do so here if not yeah i think we have okay you know what i'm gonna make you calls i think this should work does it allow you now to start your video and can you see me perfect i can

excellent yeah policies for this like you know glitch again as i said we had um this technical issue we had to rechange our links and and perhaps we need a couple of things in the configuration so i'm basically promoting and all of people to panelist and then co-host and then you can move from there [Music] i think this is the last one okay this is the last one let me then promote all of you two calls because yes because

rash did i spell your people incorrectly you did but you can call me raj most people do most people do call me raj nice and easy okay okay okay hold on a second i've only seen the promise the only one i see i see martin [Music] everyone is here hey everyone are you here i'll be joining on video momentarily hey maria okay okay okay great so again uh a little bit you know the introduction of the panelists to you raj just for people who don't know him he's a ethical world health organization so take it from there and thank you all of you for joining excellent thank you very much david hello everyone i hope you are all well

welcome to b-sides barcelona 2021 firstly and foremost i would like to thank the co-founders and organizers for hosting such a great event as well as our viewers and listeners because without your attendance these events would simply not be possible so just to introduce myself my name is rajveer sandhu otherwise people do call me raj i'm today's moderator or host of this session i have been working in cyber security for the past 15 years providing security expertise to organizations in ethical hacking and risk management and my current engagement is at the world health organization in geneva so today i will be speaking directly with four panelists who bring with them a significant amount of professional working experience

within within their own specialist areas of work so if you would please allow me to welcome lola ogunteken maria dillon martin hop and martin vigo so if we could start please with lola lola how are you today i'm very good raj thank you how are you very well thank you please take the opportunity to uh introduce yourself and then yeah and then we can go to maria and then off to the gentlemen as well okay brilliant um so my name is lola i work as hr business manager for a fintech company called silverfin hq'd in belgium and we have a team of remote engineers and as well as a uk office as well i actually joined initially

um to help with recruitment efforts and have kind of progressed into a more traditional kind of hr people ops position awesome great maria yes brilliant thank you so much for having me and yeah my name is maria gillam and i am the head of people here at times which is a security automation platform and we're so excited to be joining you all today i my main expertise is all things people so talent acquisition and with a particular view on hr and hr business partnering so i'm so excited to to have a fellow hr person on the panel as well with lola today awesome great welcome welcome on board and martin please um hi so so

my name is martin hopp i come here from i live in poland and uh right now i'm a staff engineer or staff security engineer at uh old zero uh mostly focusing on the security of our platform uh but prior to that uh for over three years i was a security engineering manager at all zero leading a couple of different uh security teams in application security vulnerability management offensive security awesome cool stuff fun stuff and uh lastly martin please yeah it's it's funny we have two martin's in the in the call so i can be martin bigger and the other martin so in my case i think uh 12 years uh working in silicon valley in different

companies actually some of the bigger ones like apple and salesforce and currently at a company related to social networks uh i'm on the hacking side of things so first i started a software engineer and then because my passion was uh all things hacking i did a lot of product security and currently because my passion is really offensive the offensive security side of things i'm working in a in a red team and it is a pleasure and an honor to be to be invited to such a such a panel of of experts and especially for such an important conversation as we're going to have 100 thank you all much appreciated so as all our viewers and listeners know

our topic for this roundtable session is on cyber security skills for high-tech companies we will be talking about talent acquisition diversity and retention as martin vigo just mentioned which are very interesting topics across all industries which i personally believe will always attract attention due to its nature so let's let's jump straight in let's start with the topic on talent acquisition and if i could begin with asking either lola or maria could you please describe to our audience what talent acquisition is and what it means to an organization in today's world sure i can i can take that is that yeah i'll take that and so towns acquisition is how how you um how you acquire your top talent so

how you source how you find your talent and how you can be compete in the the people market and within a such a strong competitive zone such as cyber security so and for us that is sourcing finding getting the hook getting them in hiring them getting them through the process and getting them in the door into into our amazing organization um and it's the difference for me i i don't have a strong cyber security background i have a very strong tech background and i've learned so much here at times in terms of how we acquire the cyber security people and it is far more challenging than many other roles within the tech organization that's great and lola would you like to

add in addition anything to that yeah um i think the only thing i would definitely add i think it's on the competition piece um uh you know definitely if there it is a somewhat of war um on talent um and understanding what the best is so you know every um company and department and um team manager will have a concept of what they believe the best is the best fit so having a good understanding of what that is for that particular unique opportunity and trying to meet the needs of that trying to do that effectively oh that's great that's a great introduction talking about competition um and attracting talent how do organizations or how can

organizations ensure that they are attracting the best talent and in your opinion what do you believe are realistic expectations that organizations actually want to see in candidates um i think when it comes to actually attracting the best candidates um i always think organizations should ask themselves well why should anyone join us right so um i think when you think of it from that perspective that's the that's the best place to start um one thing people love um regardless of the type of business it is is a challenging opportunity so um have being able to solve a problem um and if you're honest about what that looks like i think that's one of the best ways of actually attracting the

right and the best people because quite often when someone has been in a role maybe for a certain amount of time it starts to kind of feel like bau like business as usual and actually people do often want to get their teeth stuck into something new right um or get the opportunity to build or set something up from scratch so i think um really that's the first thing one what type of position it is is it and what type of opportunity is there for that person to really flex their muscles or build up skills um or or do um a project or activity in a more in-depth way um and then i'm sorry i forgot the second

part of the question i know it's just really about what organizations you know what their expectations are what they want to see in candidates but i think from my perspective a candidate that wants to be challenged consistently is a major plus point right exactly yeah so i think what what businesses are definitely looking for what companies are definitely looking for is quite often when you are joining a company or joining to solve a problem so they are looking for people that have that problem-solving mindset so um you know we'll probably go on to this a little later on but this is where um you know into the purpose of the interview is to really understand how

you approach problems um it doesn't necessarily mean you always come out with the best solution but how do you work with people how do you tackle it uh when it doesn't work the first time what do you do then right um so they're using that as an opportunity to really understand whether you're going to be able to do what they need you to do it's not just about having that technical skill set it's also how you apply that and how you work you know in general as well absolutely and what about what are your thoughts on people skills you know people that fit into the organization especially culture i think culture is absolutely incredibly important and candidates need to be able

to fit in no matter what the culture is like from my experience i've worked in banking i worked in the public sector and you know the two different industries essentially even though my role was very similar but culture is an important important piece right culture is um yeah it is super important and actually what is important to i don't know an investment bank for instance won't necessarily be important to a tech startup or scale-up so i think one of the things that's really important is to understand the business that you are approaching or talking to do your research what does their website show you what do their social feeds show you um you know if you're not seeing much

about company culture then it could be that there isn't much of a company culture you know if it when it comes to perhaps celebrating people etc so definitely do your due diligence and really think about is this the kind of space i actually want to work in i also recommend you know if you can go on linkedin quite often when you click on the company you can see the people working within that company you know just browse see where they've been where have they worked before again to get a sense of not just the culture of the business but the culture of the people who are you know the culture that they worked in before and therefore what

they're bringing into the business so i think really the most important thing is having a realistic sense and understanding of the culture of the business because i think a lot of people think okay i'm working in tech so working in this company is going to work in this way and it really depends on the industry of the company when was the company founded that's usually a big indicator um as well so definitely i would say just do your due diligence and and research and see what you can find great leather thank you sorry korea yeah if i could just add to the culture piece i i think they're they're phenomenal tips and there's just one thing that has

recently come up internally that i'd love to add we're we're a startup and we're we're really trying to define what our culture is which as we all know is really difficult to do especially at this stage so we've had a couple of focus groups those were very much about gathering information from everybody in the business and one thing that struck me about culture when i was talking about like us getting our statements out there our values out there was i was so impressed with the team saying but let's back it up with actions so that's the other thing that i'd advise people to to look at there's there's plenty we can all think of amazing

companies that have the best websites and the best statements out there but let's look behind that and let's look at the actions that the actions that they are doing to back that up so what we're trying to do here at times is start with the actions so that when we make those statements we can bring in those examples live on our website on linkedin on socials and get it out there and then the other part of that is an interview so that we can speak to actual actions and impress candidates that way that's something that we're definitely looking for so to flip it on the candidate side i would definitely recommend they look for the actions as

well as the statements that's great lola maria thank you so much that's great and and now to of course bring our security experts into the same conversation so um and a question to both both martin harper and martin vigo you know given the exponential increase in global security incidents data breaches news reports that are disclosing new hacks against organizations pretty much on a daily basis from what i see in your opinion how do you believe organizations or even cyber security teams or it teams can actually adapt successful talent acquisition programs and ensure that the talent that they are bringing in again as lola maria mentioned is to keep them challenged how can those programs be successful in based on what we see

today in the real world specifically to cyber security yeah that's that's a great question because there is definitely a the word out that there is not enough people uh trained in cyber security to fulfill all the openings that we have right and as as you very well mentioned with the profession especially of ransomware attacks that got so much visibility to all the audience beyond the hacking community or the cyber security uh people and other companies started to catch up and realizing okay i don't want to lose i don't want to be open to lose this many million dollars because of one incident so i need a neck to bring in an expert and take care of this so one challenge

that the that the industry has is cyber security is fairly new so finding especially senior people especially challenge if already and uh the hr experts here will will will know better than me but if already finding juniors or or in entry-level um candidates it's already challenging imagine finding really senior people i always joke with friends around that here in silicon valley where you will expect that all the experts are right there is like 12 13 14 seasons like the higher ups the most the the the position with the most responsibility when it comes to information security they just go around the companies you know like there are about 15 guys and women that uh they just change companies among

themselves that are just not much more just because the industry is what like 30 40 max 50 years if we really go to a kind of the 70s when this all started so it's difficult to be in hr and having to bring people with seniority so now to address your question more specifically how can we do that my opinion obviously from the perspective as one of those candidates right what i've encountered i can speak what is something that makes me go choose a company over another i was taking notes as as lola was speaking here for me one of the things that i've encountered that has literally pushed me away from that company even though i liked the

rest was not having the possibility to do research and present it at conferences so for me that's a big aspect of what i like to do it has i could go on and on of the value that it has for the company but i understand this is not a critic but i understand that there are companies that are concerned of the legalities so or they just don't really understand the culture of of doing research in cyber security going to big conferences to talk about vulnerabilities they are just scared that you may talk about one of their clients or something like that or someone will get upset and impact the company or the business so for me when i

go interview with a company and they tell me they don't have a strong open policy on do research or of course always responsible right i'm not going to drop zero days or critic vulnerabilities without doing responsible disclosure but that for me is a turn off and i will probably pick another company then training being able to get training as you are at the company that there is a specific budget to at least take a training a year because you cyber security in general computer science but you get you get rusty very quick like it evolves so fast and when it comes to the threat landscape we see it how it evolves every day so if you don't get proper training

if that company doesn't provide you that service then it's it's it's another turnoff for me and then i will have nowadays with how the pandemic has changed the landscape as well right flexibility and here we have to differentiate i guess in ages right probably the new grads they don't care so much about that they just want to cool work on cool stuff enough opportunities to learn especially what i would recommend is look for a great mentor it's probably most more important that you have a good boss than a good job so to speak because having a great mentor is really going to make a difference at the beginning of your career but when we look at older

people or older people i don't want to call myself old but in my age are all there that are starting to have families then flexibility is really important being able to work from home having a hybrid a work environment in which they can actually just go several days or even beyond that if you want to hire senior people you can't force them to come to where your heart quarter is if they live in new york and you have your headquarters in san francisco and there is a candidate that is really difficult to find over there don't force him to come here and change the kids from going to that school to a new school they're wise or if it's the

opposite their husbands to have to change the job and look for another one whatever it is that's another challenge that makes it even more difficult to find senior people that's a great answer martin thank you and it's interesting you mentioned the pandemic and you mentioned hybrid working as well as the remote workforce so martin i'd like to bring you in as well on the panel please so could you please you know from your perspective um the kovid 19 pandemic has introduced this new hybrid working environment right and and this remote workforce how difficult in your opinion has that transformation been and what would you say are the lessons learned that we could now take with us

going forward right so it's so it's going to be a little bit hard for me to uh to say what has changed because the company that i worked at right now and the previous ones as well were sort of remote friendly from day one so the teams we've been building um were very distributed um like it's like from from the get-go right so so this is um this is something that uh it's like previously it was not really possible for just one tiny part of a larger company to say like we're going to be remote friendly it had to be um like supported from uh from the company uh because ultimately security teams uh work with the rest of the business with

uh engineering product management hr finance like we in our day-to-day job pretty much touch everyone so if they're the entire company is very focused on you know bringing people together in their offices and like one all the team that's remote uh would have had a hard time now you're right like the companies that started remote first um i think headed way easier in the pandemic in that there was literally no change uh in in how they operate i can only imagine how um how much of a transition that would have to be uh for for other companies um but you know talking to a lot of friends i think the industry as a whole was very successful in adapting like

some companies did better some did worse um but a lot of companies like they had to make that transition and fairly quick at that so uh so they did i think one thing that kind of helped all of us was that uh technology was there like you know video conferencing um instant messaging tools like uh teams and slack and um those things i think uh in their maturity uh that they you know we're in a zoom webinar i don't know how difficult that would be to pull out like maybe 10 years ago um uh and today is just non-issue like those things are just utilities they work and i think that was uh that was a

tremendous help because then people could focus on organizing themselves and making sure that um you know their communication protocols are up to the task in this new um it's a remote environment and not fight with the technology so i think that was uh if if this happened say 10 years ago i think it would have been uh it would have been much difficult um like one thing i i want to mention and to um get a circle back to to what martin said like i think the companies that are um like very flexible and it doesn't uh only mean allow people to working from home but um you know also allowing like flexibility and structuring and

structuring your day uh and the flexibility in like traveling so working from different places different time zones as people um kind of find it either convenient or necessary sometimes there are like life necessities that um we have to uh we have to take care like those companies do have and will have an advantage because they're naturally a their talent the talent pool they can draw from is larger but also since everyone is remote like any person that's joining the company as a remote employee has an easier as an easier start and i think this is um like attracting and acquiring talent is uh like this first necessary step but everything that comes after that onboarding people keeping them

you know engaged and included i think that's that's super important as well that's that's great martin thank you and and trying not to go off track but you know being a security enthusiast myself i would just like to say of course and i'm sure you will agree going remote especially for a full workforce during you know the lockdown phases in in whatever country of course naturally introduced new threats new vulnerabilities more phishing more scams more cyber attacks from your engineering background what did you see during this difficult time of lockdown where everyone just had to work from home right this is so one kind of tricky situation that i think a lot of companies faced uh was that

you know companies couldn't afford for the business to stop like they needed to ensure continuity of operations and when people went home like there's always this question okay so how are we going to enable everyone to access that the tools the data uh that they need to work on a day-to-day basis and you can kind of do that in a secure way or you can just open it up uh to um like very um kind of public type of access just to enable people to do their jobs but if you're doing that in a way uh that doesn't account for um security and access control you're opening up yourself to uh to a huge risk

so i think companies that had a strong security story around remote access in the past even if they were not fully remote but had for example uh sales people that were like always on the road and like did their uh homework in allowing them to secure access i think they had the foundation to uh enable that enable that secure access uh from the get-go uh and companies that were sort of relying on you know people being in an office and treating office and corporate network as the security perimeter for the company like they they were in for like a huge readjustment right so so i think uh it's um like there were companies even though

that even those that were kind of more traditionally um office bound so to speak that were very well prepared from a security and access management perspective and i think this act this sort of story around um we know who our employees are we authenticate them whenever they connect to whatever corporate um tooling they need those companies we're in a much better position than you know companies that were allowing anyone on their corporate network to access uh things like corporate intranet email and and and things of that nature that's great martin and lola or maria how was your experience with with going to fully remote because i'm sure you were probably in the office prior and yeah i i was on maternity leave when

it when it all happened so i came back to a working environment and in a previous company that was extremely different um and before joining time so i was really really happy when i joined times to know that our view on where and how we work is up to each individual employee no one in times is going to sit and tell you what your working week should look like and we lead with trust and and that was a huge factor for me and especially coming out of maternity leave in particular so that's something that we're finding is so vital we're candidates they not only is it like can i work from home it is how do you expect me to work how are you

monitoring me because so many companies are either expecting people to come back to an office or they are like talking about hours or how they monitor monitor them and people have really gotten used to the flexibility and and it's proven that people can be successful companies can be so successful we've been incredibly successful all throughout the pandemic which is amazing so there is no concern around the productivity piece and good candidates out there good cyber security people know that and and the companies that aren't looking at the remote aspect and leading with trust i feel are going to fall behind yeah so i i would say that our experience was a little different but that's because um

we do work predominantly well we've always been flexible so you could usually always work i mean if you work two or three days from home before it wasn't too big a deal um people normally did at least two days there were some teams that did more than others um we have our engineering team is completely remote so we've always worked in a flexible way anyway um i think remote based companies or remote first companies have been growing um in popularity anyway but when you join a company knowing you're gonna be working in an office then you make that conscious choice for that and it's because you do enjoy those face-to-face interactions um those physical and face-to-face

interactions um so i think for a lot of our team it was a shock a lot of people felt isolated um disconnected um we had new starters and it's because we didn't really i mean we tried but the fact is we were never prepared to work or on board people like this and we just found that people weren't actually um engaged with our culture the way that they used to be um so there was a lot of learning involved in terms of trying to turn things around but it was really hard work and difficult to sustain um now we're slowly kind of we're pretty much back in the office now and we encourage people to come in three

days a week if they're near an office but they don't have to um so again it's very much look we trust you you're adults you're gonna come in when whenever you need to if you need to and what we're finding is people are choosing to come in on certain days when they know they can collaborate with other people um so that's what we're finding and actually what we're seeing is people just appreciating each other a little bit more than they did before and um yeah so for us we do like the fact that there's flexibility and you can choose when someone is remote especially if they are in the same country we try to get them to come to

the office um on their first for the first couple of days or so we cover the cost of that but it's just to give them a sense of you know silverfin identity so to speak just that they attach to more than the work they actually attach to people um and um yeah the collaboration piece as well um so it's been it's been an interesting time for us and we're still working our way through it that's cool that's very cool if you've got young children like myself then yeah staying at home working from home and managing those is a job in a job in itself but yeah all good fun and games now that's great thank you thank you all

so much for your answers um i hope it was very valuable for our listeners and our audience but let's um let's move on to our next and in my opinion probably the most important topic um based on our discussion today which is diversity and a question for all of you um and please don't feel you need to answer this in depth whatsoever i'm sure a lot of our viewers and an audience have a good understanding on this topic but in your own words could you please describe to me and the our audience what diversity is and if you believe that there is a lack of diversity within the tech industry and we can start with maria

yeah absolutely um i mean sorry i was nodding because when you said do we believe this i was like yes yes it's like shout out from the rooftops there is and we should all be talking about it every single person in every tech org should have a front of mind and i think that's where we need to get to um i think there is a general lack of diversity in in tech in general but um as i said i moved over from from tech in general into into a more cyber security focused um or and from a ta perspective that is a struggle and that is very very very clear that there aren't um a huge range of diverse

candidates ready to go like there are in other companies they're there but companies need to make a much more deliberate effort to go and source and find um and to truly truly put the effort behind it and i think for me that's that's the biggest piece and that's something that back to my earlier statement about actions we we have to lead with actions we have to be really deliberate about how we do that and i'll be really honest and i'm going to make a bit of a statement here no one has that right i i cannot think of a company that is that i say they've got it they're sorted they understand it i mean

different companies do do well in different areas but we in general have such a ways to go and knowing that is is a start but man do we have to back it up with actions very nice and lola from your perspective yeah i think um for me diversity um comes in all shapes and forms so we're talking about um you know your background in terms of your ethnicity we um sex um it could be um even just you know your style of communication even uh it could be um yeah just so i i think one thing that i do worry about when we do talk about diversity like i think diversity is very important but

there are i think we first need to learn what diversity tends to look like i mean um i even saw a post on linkedin yesterday um about from someone at monzo and he was saying that he um that we need to also consider neurodiversity as well and it's absolutely true and i think the most important thing is one recognize okay do we have drones like or clones of people and if we do why is there a reason why that's important or we believe this to be important and how do we change this okay and then on top of that we say things like okay yeah we want to get people in but then that it doesn't stop there when

you get people from diverse backgrounds into your business is your business ready for it is your is the culture of your team ready for it because what i often see is you hire people but you don't know how to interact with them you don't know how to perceive how they're communicating with you or you know perhaps you don't have the patience to work with them in the right way to perhaps train yourself etc and that that is at company level department level individual level um you know is it actually safe to be different that's you know do we create that kind of safety um so that's what one point and then i'd like to make a final point as well

just regarding how we get more diversity so else outside of the you know perhaps the the traits that you can't see physically um i think we also need to consider that a lot of what people believe they can do starts from a very young age so how their parents raise them how their parents teach them the difference between boys and girls and how to react to things what they should be interested in etc like a lot of that is implanted from a very young age what do we or what do parents encourage their children to do right do you encourage your children to i don't know do ballet if they're a boy or to do

sports if they're a girl like what what do you accept you know do you let them explore who they may be as well um and then on top of that i think we then also need to look at vulnerable communities as well what do we do to help them have access to these spaces as well um you know how do you let someone know let someone from a deprived community know that there is this cyber security space and actually you know how do they make that leap so i think there's there are lots of different buckets then there's a lot of work that proactive work that needs to be done that's great lola thank you so much um

martin diego would you like to say a few words on on diversity and and yeah leave this yeah please go ahead yeah so i mean lola pretty much in a very elegant way uh said everything that was in my brain but i will try to add that in uh yeah so the first thing will be mentioning that depending who you ask about what diversity is right you probably get different answers because um also because of the society or the specific country what you see you may get if you ask someone what is what is diversity they may focus on women or they may mention the specific race or they may or a specific minority so

that's one thing and meeting from spain having worked there by being 12 years in california in the us and that's especially especially true so so yeah one thing is is understanding what diversity is right or that it just doesn't stop at the specific thing that maybe is more relevant so to speak or more common in in your specific country because it goes beyond that lg tv community for example that we haven't mentioned that's that's another one right uh lola mentioned very great the company and it's also to be ready for that there is if you just uh start to make an effort to maybe target your your open roles or like try to give opportunities for minorities or whatever

it is let's just say minorities as in a in a global sense uh and the company is not ready you are not gonna succeed you're gonna fail because that person and that's not that's not on that person specific the rest of the company needs also to be uh to be on point for that so to speak um then for example in my case when you also mentioned is there is a diversity in cyber security i mean i just have obviously we need to go to the official data but when i go to security conference and i look around the pattern is clear it's it's white males right so i i from my personal perspective definitely there is a lack

of diversity i just need to look around being in conference of thousands of people and there is i think no question in the value of adding diversity to any industry but uh you know from every perspective races nationalities sex religion everything else i i think there is no question about that so we should definitely work on that and then i will just just mention specific between the spaying and in the u.s specifically for me for example in san francisco the weird the the rare thing will be that in a company i talk to the same nationality so here in san francisco when it comes to nationalities it's pretty diverse but that doesn't mean that it's the same case in cyber

security for example for races or for lgbt community so for example here the nationality diversity wouldn't be so much of a problem again from my own experience as a weight calculation you know but it will be maybe a problem for diversity when it comes to two different races for example so so it is definitely something that we need to understand what diversity is and that's why um ravioli was such a such a good question that you asked that what is actual diversity thank you thank you martin and and thank you for that answer so maria marie you mentioned actions actions actions which i thought was great and lola mentioned education from from childhood so what what if you could you describe

to me what you believe that organizations in today's day and age can what they can do to improve diversity where it will actually have a positive impact on talent acquisition and you can see what i'm trying to do i'm trying to link the two with diversity and talent acquisition so what do you believe organizations can do better to ensure that we achieve diversity the way it should be achieved sorry uh yeah i think one thing that i see um with a lot of teams is quite often um we tend to promote good individual contributors to team leads and managers right and that's fine but if that person doesn't have the right kind of people skills to

understand how to kind of manage you know different people that could be an issue so i think the when when you are promoting someone when they are climbing up the ladder and they have more responsibility um there needs to be some training and coaching that goes along with that and i think before that promotion even happens they need to already be demonstrating those traits and that's something that really from what i've seen anyway um doesn't really tend to happen um maybe someone will do a managerial track training course but that's it okay you've ticked a box okay then you're a great manager no it's not that simple so i think there needs to be a much more

intensive way of actually looking and measuring that i think another thing that companies can do as well is just generally so for instance do general training across the business so what is diversity why is it important how what what kind of things should you avoid saying or how should you avoid speaking about different people so i think if we can have conversations um training and conversations around that because we don't want that to be a one-way conversation but there should be a two-way dialogue around that i think that will help people um understand and learn and when they're hearing the experiences of perhaps a colleague or a counterpart then it becomes more real for them

um i mean what i have seen happen is you know yes you find let's say for the sake of this argument you find um a a female who is willing to join the engineering team she's there for a few months and then leaves why because people don't communicate effectively with her perhaps they're not listening to her when she's giving feedback on hey i find this a little bit offensive right so um i think it's just we just need a little bit more um empathy and to just take the time to understand people as individuals as well um so not just on work topics but actually spend some time with this person so you get a

better understanding of who they are and why they think the way that they do so that when you are collaborating work wise there's a little bit more understanding there understood and uh sorry maria i was going to take the floor but do you think that what lola described there would encourage more women and you know the lgbtq community to join maybe the tech industry or any industry for the long term yeah i mean it what lola was was talking about there is is absolutely vital but also i was you really triggered something with me in in the general conversation i feel like that is often missed that like i know i talked about actions and i

believe in bringing in like bias training and diversity training and then following it up but it's also been in a safe space to talk about it so we might have managers um or people that think oh i don't know how to bring this up but i'm a little bit worried about the balance on my team whether that be gender whether that be people of color whether that be race or sexual orientation what whatever it is but but it's also sometimes it's a blue subject so it's really really important that we we talk about it more we talk about it and from a leadership perspective in any kind of all hands that we that we bring it into

every conversation that we bring it into our performance reviews and we bring it into our employee surveys we ask people if they feel like they're safe if they feel like they are included and and to start touching on the word inclusivity which is really really important i feel like diversity was the topic 10 years ago that we were talking about just like women in business was 10 years ago i feel like we need to start thinking about that inclusivity and how people feel on a day-to-day basis we talked about how people are working from home is there a joke on a zoom call that makes them uncomfortable because they're but they're not in the office so they let it

go like we need to bring in that culture of open dialogue so that people feel safe and can talk about it more and that in itself will lead to more actions that's great thank you maria martin hot would you have anything to add just before we maybe then move on to our next topic yes so like i wanted to reiterate that uh leadership at every level plays like a crucial role in that and as as companies grow i think a lot of um kind of is set by the early leadership uh because as little i mentioned there are great employees who later on become team leaders and managers but um i think every time that that happens they kind

of grow into that role in a particular context of the company so if there there's lack of uh diversity and inclusion company culture at that point it's very hard to like build that next generation of leaders that will instill that culture um and like there's tons of work to be done both for like enhancing the existing structures like teams departments and also encouraging and um teaching that new generation of leaders that um that this is super important and teaching them how to do that how to listen to people how to coach their team members to uh be sort of more more open and uh behave in a way that does not pull uh pull people off um and one other thing

is that um like i think to tie back to the talent acquisition part is that the interview process is like super critical because this is when when candidates talk to their future boss their future peers and uh if you want to bring in more diverse talent this is this is sort of how you show off this is this is where you show that uh you know this this workplace is safe for them to join so i think this is this is super critical so when it comes to training i think it's not only for managers it's for everyone who's kind of involved in that interview process that's great mason thank you so much and and of course i guess it's one of those

topics where we could probably just spend all day over a meal talking about and with different opinions and different experiences and backgrounds but no thank you ever so much um so that leads me on to um kicking off our final topic which is retention so from my my perspective retention is how do organizations essentially retain or keep their employees and based on your background and experience once again could you please tell us or you and the audience what are the challenges in recruiting and retaining people in general based on your experience at your current organization and we can start with martin bieger all right i was taking notes here because i have really bad memory so i

mean it relates a little bit to the previous question that we had around how we actually get people in in first place right and i personally talked about the the aspect of the flexibility and being able to research and stuff going beyond that once you are at the company how can we make sure you don't leave i mean the obvious one i will start with is a career path right you probably people doesn't want to get it depends because sometimes there is people that they they got to a good place they like the job that they do and sometimes there's this joke that a you know as soon as someone does his job really really well you promote him and change

him from that job or maybe it's actually not a great idea because then you set him up for failure if he's doing a great job there and he's happy there just it's fine keeping their in i mean from the monetary perspective obviously you should still be motivating that person right but maybe promotion is not always the best path of course that the employee needs to choose that but i think a strong solid clear career path is is a is the way to retain someone because um usually like here in silicon valley right because there is so much demand especially in cyber security the joke is hey just if you don't like your boss look for another boss rather than you know

look for another job and stuff you can you can you have really a strong hand if you are in cybersecurity in silicon valley because there is so much demand and so many cool companies so many cool products to work on so retention is really difficult so and it goes beyond giving free lunches massages at the chairs those are all good and you get that at the big companies right but i think a a strong career path is one again flexibility especially an understanding that the company shows that understands that we've coveted things have changed things have changed and i i definitely understand maria's point and lola's point that that they have different experiences and it

is a challenge for everyone i'm just saying that we cannot ignore it so a company that that gives you um facilitates a little bit of transition if it needs to be back to the office because not everyone has a job that can do remote right if you work on on servers you need to be on on the server rack fix that so so that's another thing like the flexibility and understanding and giving tools for people to slowly transition back to what it used to be if they have to or even be open to to remote work i think i will stop at those two because i'm sure the the rest of the panelists have others to add but for me those two

are very important that's great martin thank you lola maria would you like to add anything to that yeah just as martin was was talking what struck me is i i loved your point about the massages and all that kind of stuff because again i if i look back five or six years in horror and and talent acquisition we were we were striving to bring in all that stuff and now that stuff is standard right so so you have to not only compete with the standard stuff but you have to really understand what people want on a very personal level and something that has come up quite a lot recently is a voice and a seat at the table

and i think that's a new thing that people are looking for and and listen it's great for us we're we're a start-up on an incredible product people are interested and then we give them the opportunity at the size that we are and hopefully as we grow to continue to have a voice so constantly getting feedback not just on the day-to-day stuff but on the product on on the mission on the goals on where we're going and and getting that feedback constantly from the teams so that everybody feels part of the journey and that's something that we're really really striving to do well here because that is a differentiator it's no longer the snacks because well we're not in an

office or well we are part-time but it it's no longer that it's no longer the dinners at google and it it's more than that and it's really that self-worth and what we're hearing a lot of is that voice on the seat at the table and getting getting hurt we're not always going to agree but people want the debate and cyber security people in general love a good debate so it's really really great to bring them in and that's something there's loads of other stuff but that's something i'm seeing as a key differentiator at the moment yeah i i completely agree with maria i think really understanding what is important to the people within that business or

that organization or that team is the first way to go again you can't make everyone happy but at least being able to understand what on the top line is important to people and i think generally people want to know that you are willing to invest in them so whether that's uh in in the view of a career path and i think the wonderful wonderful thing about tech and engineering in general is that they're always these two parts right so specialist and managerial so there is the opportunity to do um either one of the two and still earn very well um but even where you don't have that seeing that the company is growing enough that there's always going to be

an opportunity to move into something or perhaps work on another feature or something like that so it's really more about being able to do something new learning new skills stretch yourself in a new way i think another way is definitely more around policy than the perks so for instance if you want women to join your organization what does your maternity policy look like like do you actually have one that will support her in her first year and so that she feels like okay i can actually come back to work because i've been given enough time or my partner and i've been given enough time with our new baby um and you know when they do come back

to work how are they supported when they come back so i think it's really looking at those policies that help people balance what they want to do personally with what they want to do career-wise and quite often people have to choose particularly women have to choose between the two just because they're not getting the support that they need whether it's during that period or when they get back and again this can look very different for different people but i think it's just ensuring that we really invest in people whether it's training policies etc and we support them um based on what their personalized needs are well that's that's great that's great thank you thank you so much

something i've come across pretty much every organization i've worked at is employee survey questions and in all honesty without no disrespect to any organization i work for i personally have never really seen the value of that maybe because i've never stayed at a company long enough however in your opinion how valuable are these employee survey questions to boost retention and is there a real value in actually doing so because i'm sure we've all come across one before yeah i think that's sorry yeah i definitely think there's value there i think um depending on the type of organization and business that you have but especially with us being more remote now in general it's a great way to get an understanding of

what people are thinking especially because a lot of the feedback is anonymous and the surveys now also look at things like well-being as well as how they're feeling about the company and their role i think where it's a waste of time is you have all that valuable information um and you do nothing with it i think that's where actually it can be dangerous and detrimental because people just think okay what are we doing this for if you're not actually going to solve these key issues that keep on coming up so i think when you do these types of surveys you need to truly be ready to act not just you know hey yeah we hear you

that's nice see you next month that kind of thing yeah you have to um it can backfire when you don't i've seen it backfire when to the point raj about they roll them out you answer honestly you're sitting you're waiting and then they'll they'll come out with you know here's the top three things we're focusing on and they don't resonate remotely with what you or any of your colleagues wrote down and i think that's the key point i think if you're doing them you have to hold yourself accountable and back to the transparency piece of sharing every piece of data in that obviously if there's something really sensitive in in those open-ended questions you can't but it's just so so

important to be a transparent and the other thing about them is they're they are very useful but there's also other ways to do them on a regular basis like we we have bi-weekly town halls we're going to have one after this there's a question box or there's a comment box we're gonna have a suggestion box virtually in slack at some point as well just to keep it regular because often those um the surveys are once a year and i mean by that point people could be talking to other companies if there's something that's bothering them so it's more about that regular open transparency and getting feedback from the the teams on a regular basis that's great thank you and um martian

hop i think we've just got time for one more question before we open the floor for q a but martin hop from from your opinion in your opinion and from your perspective what do you believe organizations can do more um in order to retain employees especially in such a fast-paced evolving industry that we work in which is the tech industry or even cyber security right so if i were to pick one thing um because i would actually pick one thing that the companies shouldn't do or should do something to avoid that and that is maybe something we don't talk about enough in the cyber security industry but that is burnout so i i have witnessed that there are companies that

are trying to build their cyber security teams and departments but given the for example amount of like ransomware attacks that they're facing and like constant fire drills and security incidents like those environments are burning people out and this is um where we want it or not like if people have um the choice between a challenging environment where they can focus on an interesting technical problem versus fighting fires all day long like guess which company they're going to choose um so like trying to avoid environments where um you know people are under-resourced overworked and burdened with tasks that uh they're not realistically able to carry out i think that's a a very common uh problem the cyber

security industry so if you want to retain our engineers let's try not to do that or to do whatever is humanely possible to avoid people burning out now that's great thank you thank you martin for that um so yeah thank you to all our panelists for their contributions so far just being courtesy of time we are now open to questions from our audience and it looks like i have two already um so for our panelists we'll go with the first question which is it looks like nowadays people move companies every two or three years um oh that question seemed to seem to disappear apologies uh it should have been answered right sorry you seen it

yeah sorry i think someone marked it as a answer oh it looks already answered okay that's fine that's time no problem we'll move on to the next question no no go ahead no go ahead use this one no it was just a technical issue i think someone just clicked it was answered but it's not so sorry go ahead no problem so i'll go ahead so it looks like nowadays people move companies every two or three years what are your opinions about that is that an issue i yeah i'll take that and i worked with a manager years and years ago who had a real issue with that and would immediately look at it at a cv and go no

i want loyalty and those days are gone like those days are gone and in this space they're non-existent so i don't think we should be scared of it and to the earlier question about attrition there should be a healthy level of attrition and people should be moving on and companies should be happy for those that are going on to a better position and learning from it and pinching themselves as their top talent but but i don't think we should look at it as a problem i think we should look at it as as the way the world and also then not judge the person for it when they come through on our applicant management systems

what i will what i will add to that is um i mentioned before having a clear career path and ideally that will be going up right but sometimes you need to go in zigzag unfortunately which is the job hopping which is like okay i need to change careers if i want a bigger opportunity for that so it is a problem but the companies also need to learn the why it could be probably also as well the case is i just want to go after money so if i change three companies i get a new refresher here in silicon valley you get stocks for four years so you get the cliff and all that stuff but

it is also a matter sometimes an issue with the promotions with the career path and sometimes you also get bored of the product in technology there is just so much stuff now you're working on autonomous cars and then you switch to go to rockets that and now there are so many private companies and then you go work for uh you know the department of defense or cia because you want to do more spy stuff there is so much exciting stuff to work on that uh it it shouldn't come to a surprise as maria was mentioning that we kind of look at it as oh this person is not loyal lola martin would you like to add

anything before we move to the next question oh yeah no sorry good go go ahead lola i think it really depends because how many jobs over what period of time i mean i think it depends i think if the person is a consultant then it's expected is it two years or is it a year and a half like i will look at the months to see like what's happening is there a pattern does that mean you're gone in a year and a half and it really depends on what i need from that person and how i how long i see that lasting for as well so i think it really depends on the environment but

i think two to three years is pretty normal now to be honest um so yeah sorry martin yeah i just want to say it's uh like i observe is the same reality to someone changing their jobs two every two three years that's perfectly normal these days so i i personally and this is like kind of my past experience as a hiring manager i never saw that as a red flag like if someone changed jobs every six months then yes probably but also it's also something um as though i mentioned to to look into because maybe that uh person was an independent consultant but in which case is perfectly normal so uh yes it's just i guess the reality

right now no very few people work um in a lifetime at a single company which would happen before it's just not a thing okay that's great and we've got one more question here which is what would be some tips that you have for one-on-one meetings both for managers and ics forgive me my acronyms are not the best but i think it's individual contributors is it well that must be it must be yes it's good

would you like to answer that one um yeah absolutely so i'll tell you what i do with my team i mean it really depends on um i think your space the place at which you work the amount of work everyone has and the seniority of the people in your team um i think firstly regular one-to-ones are super helpful even if it's just as a way to connect so i try to do one-to-ones with my team uh once a week i try to do it at the beginning of the week to kind of kick us off the right way i have done other days as well um i think it's really just finding out what works for you and your team you

don't have to be rigid about how you do what you do we talk about generally how the previous week went um i usually have an idea on uh what their key projects are so it's really to see okay what does progress looks look like what's holding you back in any area and then we also talk about achievements as well any areas that are particular challenges um and that's what we work on so those are the regular one-to-ones i then try to do monthly one-to-ones again it depends uh but as a minimum quarterly where we look over a period of time okay how has this been overall um and is there progress from what we saw

before um and i think it's those particularly the quarterly ones where we then really talk about the job itself how are you finding things is this still interesting to you is there anything else you need to learn what additional support do you need so those are some of the things that i i tend to personally touch on anyone else from the panel i would just add to um for individual contributors to be brave and ask questions of their manager i've seen it so many times where individual contributors think that their one-to-ones are you know the space for them to come and give updates but but really that the value is that two-way conversation so and for individual contributors

listening and and for managers for their managers actually in fact and we all everyone has a manager at some point it is really really important to kind of respectfully challenge and ask questions in those one-to-ones because that's where the true value lies any of our martians would like to maybe add something finally yeah i will just i will just mention that i had kind of the two styles over over the different jobs that i had i wasn't job hopping so just in case i mentioned that but i i had several jobs so i had the managers that used it more as uh as uh give me an update of what you've been working on and i have managers that was

this is your time we can talk about soccer or we can talk about a job but this is a connection time and i like the second one because uh we have stand-ups to give updates right there with the rest of the team and stuff but i really like that half an hour a week or every two weeks which i can literally sit down with my manager and just talk about whatever i want because then that's kind of like a safe space if i want to talk about you know something that is not going as i want it to go at work or stuff but i can just also tell him about personal concerns that may be affecting my job or

just in general about something that i want to share with him because i have a great relationship with my manager so in that sense the one-on-ones are valuable to me that time that i can just really talk about anyone and as one of my managers used to say this is your time we can do whatever you want so and we actually used to go for walks which is also cool like it's it's a different experience when you are walking than sitting in an office so i will actually add that as well when it's safe to do so you can always keep six feet apart sure oh that's great thank you ever so much to all of our panelists for your

contribution i've definitely learnt a lot i'm sure our audience have too it's a pleasure to host you all and once again thank you again and thank you to everyone at b-sides all the organizers and the co-founders for inviting us it's been an absolute pleasure and if there's nothing further ado then we can put a close to the session yes thank you thank you raj lola marcin martine and maria there is one question but we're going to move that question to slack because now we have to give space to the next torque so i don't know who send it but let's check on the slack channel we'll have guytano they will basically move there we can

have the conversation again thank you much everyone it was great contribution um and um yeah let's talk for sure at some point i love you