Andrada Fiscutean
Freelance writer

How CISOs can turn around low-performing cyber pros

Feature
30 Oct 2024 | 11 mins
CSO and CISO, Careers, Security

From embracing vulnerability to asking thoughtful questions, CISOs and coaches share their top tips for supporting the employees who need it the most.


Security teams are always on red alert, constantly thinking about what could go wrong and when the next threat might strike. This environment can take a toll on employees, and for those already struggling, the pressure can become unbearable.

“The job is full of complexity, ambiguity, and is constantly changing, which results in a state of fight, flight, freeze or fawn, which is exhausting for cybersecurity professionals,” says Samm MacLeod, CSO and CRO at Culture Amp, an employee performance platform.

Many CISOs notice team members slipping on deadlines or seeming less engaged. Employees who once took the lead on projects or contributed actively may start to withdraw and avoid responsibilities, while new hires might find it difficult to integrate into the fast-paced environment of cybersecurity.

A study by Culture Amp found that underperforming employees often feel overwhelmed, don’t have a clear strategy to reach their goals, might be in the wrong role, or simply aren’t getting enough support from their managers.

Replacing an underperforming employee can cost anywhere from 30% to 200% of their salary, so it also makes financial sense to try to help them get back on track. Instead of rushing to hire someone new, CISOs and other leaders can focus on giving these employees the right support, coaching, and guidance. Often, with a little attention and clear direction, many underperformers can regain their motivation and their confidence to start contributing again.

How CISOs can recognize a struggling employee

Cybersecurity teams may often work remotely and include a number of more introverted individuals, which makes it challenging to detect when someone is struggling. Subtle changes that are easy to miss can provide clues about an employee’s well-being.

“Are they usually sunny and suddenly surly? Usually chatty and now quiet? Or have they suddenly become consistently negative about everything?” asks Carlota Sage, founder and community CISO at Pocket CISO, a company that offers CISO as a service.

When facing difficulties in both their professional and personal lives, people can start to withdraw and be less interested in contributing, even doing the bare minimum. They might also make mistakes more often or miss deadlines, or they can care less about how their colleagues or managers perceive their work.

Body language can also provide insight into an employee’s emotional state and engagement level. When assigning tasks, Michelle Duval, founder and CEO at Marlee, a collaboration and performance AI for the workplace, looks her colleagues in the eyes. “Avoiding eye contact or visible sighing… are helpful clues,” she says. “These can be helpful clues to check in and ask: ‘Are you OK?’ or ‘Are you struggling with task X?'”

Task avoidance, procrastination, trying to delegate work to others, or taking increased time off can also be behavioral indicators of an employee in distress. Irritability or a tendency to lash out at colleagues are also signs that something may be wrong, adds cybersecurity strategist Tammie Hollis.

Such behaviors can indicate that an employee is feeling insecure, anxious, frustrated, overwhelmed, or struggling to manage their workload. If not addressed properly, these can lead to sadness, hopelessness, fear, or even physical or mental exhaustion or burnout. All these impact both the employee and their team, making it essential for leaders to intervene early with empathy and an open mind.

Know what is behind the low performance

Part of a leader’s job is to care about people. A good CISO understands that supporting their employees’ mental health and professional growth is just as important as protecting systems and data.

When it comes to helping employees improve their performance, the key point is to understand why they have problems in the first place and act quickly. “The best coaching depends on what type of problem you’re fixing,” says Caroline Ceniza-Levine, executive recruiter and career coach. “If the employee’s work product is suffering, they may need more direction or skills training. If the employee is disengaged, they may need help getting motivated – in this case, giving them more information around why their work matters and how important their contribution is may help.”

Sometimes, it’s a question of setting realistic expectations that focus on short-term, achievable goals. “The biggest reason low performers fail to develop is the milestones set for them are too far away from where they are today,” Duval says. True change and confidence come from achieving small, incremental goals over time. “Once those small goals are achieved, increase the complexity of the performance goal incrementally until the desired performance is achieved.”

Certain tasks can be made more enjoyable. “We gamify activities such as simulated attacks (red/blue team exercises), threat hunting, and threat modeling,” MacLeod says. “We also have fortnightly games’ night for the team to come together and just muck about.” This brings out friendly competition, helps the team bond, and gives everyone a chance to show off their skills, pick up new ones, and stay up to date with threat intelligence. 

Empower employees and show them they are valued

Conversations between CISOs and their struggling team members should focus on support and a genuine desire to help rather than blame and pressure. By creating a safe space where employees feel comfortable sharing their challenges openly, leaders can foster trust and encourage honest, productive dialogue. This approach helps team members feel valued, paving the way for more effective problem-solving.

“When a coach engages with empathy, it humanizes the conversation, allowing the coach and employee the space to discuss the issue in a more positive way because the power dynamic has been reduced,” Hollis says. 

Asking meaningful or powerful questions is also important. It “offers the coach visibility to navigate the conversation so the employee remembers or realizes what they know and how it applies in a way that supports the return of their confidence,” she says.

In situations like this, CISOs should be careful not to take an overly directive approach, a mistake Darren Argyle, group CISO at Standard Chartered Bank, made early in his career. “In my eagerness to help, I would jump in with solutions rather than empowering the employee to find their own,” he says. “Now, I understand the value of mentorship in these situations — it allows them to work through challenges with guidance rather than being handed the answer.”

MacLeod adds that it is important to make sure that the team feels recognized and can see an ongoing investment in them. This is particularly key for junior team members, who, as she puts it, “need a combination of coaching, knowledge transfer and formal training to have the impact in the roles that they want and the organization needs.”

Language matters

To encourage struggling employees to open up, leaders need to lead by example and be first to share their challenges. By being vulnerable and transparent, they set the tone and show that it’s safe to discuss difficulties. “I’ve found that when I’m transparent about my own challenges — whether it’s work stress or how I use meditation to stay balanced — it gives others permission to be vulnerable too,” says Argyle. “It shows them that it’s OK to admit when things get tough.”

When leaders show openness and vulnerability, they encourage team members to speak up when they’re overwhelmed or need support, so struggling employees are more likely to feel comfortable sharing their difficulties without fear of judgment or repercussions. “Avoid providing judgments and evaluations about them or their performance,” Duval says. Instead of saying things like ‘you are aggressive in meetings,’ she recommends narrating their performance and providing play-by-play observations about the behavior.

When talking shop and setting goals or giving feedback, it’s important to give clear and concise instructions. “We create pain when we give ambiguous, inaccurate, or incomplete information or security guidance,” says Karl Mattson, CISO at Endor Labs.

While not all CISOs are naturally good at leading these kinds of conversations, emotional intelligence and empathy can be improved over time. These are skills that “can absolutely be developed,” Sage says, “but you must want to do it.” Failing to develop these skills can harm relationships in the long run. As Sage puts it, “a flippant, thoughtless remark can undermine years of trust.”

Ways to create a trusting environment

Constantly measuring someone’s performance might look like a good solution in theory. In practice, however, it can create unnecessary pressure and anxiety, making employees feel like they’re constantly under a microscope.

It’s something Argyle did early in his career. “I focused too much on the metrics without understanding the personal pressures someone might be under,” he says. “Today, I lead with empathy and show by example how I prioritize my own well-being — whether through meditation, gym workouts, or simply blocking off time for creative thinking.”

Mattson suggests focusing on rewarding hard work rather than measuring outcomes because “not every employee will perform or achieve the same upper skill level,” he says. 

Prioritizing well-being through informal check-ins and assigning mentors to struggling employees creates an environment where team members feel comfortable discussing both personal and professional challenges. Sometimes, employees find it easier to open up to a mentor than their direct manager, making mentorship a valuable tool for support and growth.

Argyle goes one step further, suggesting intentional downtime, which allows employees to decompress and refocus. “The practices we’ve put in place, like ‘No Meetings Fridays’, help create breathing space for the team. When people feel they have time to recharge and reflect, they’re less likely to bottle up their struggles.”

However, not all leaders are taking this approach. Some still think that formal disciplinary actions are the best way to handle underperforming employees. “The absolute worst thing you can do is put an employee on a Performance Improvement Period (PIP) or something similar,” Sage says. “Commit to helping them through, or fire them, but putting them on a PIP is counterproductive.”

Celebrate the team’s milestones

It helps if, every now and then, the team, and especially the struggling employees, reflect on how far they’ve come and celebrate the moment. Recognizing even small achievements can boost morale and provide a sense of accomplishment. Celebrating these milestones helps shift focus from what’s still left to achieve to the progress already made, fostering a positive mindset.

“We wrote a list that called out everything we delivered in the last six months and the impact we have had on/for our business,” MacLeod says. “The change in the team when we published it, even though it was nothing fancy, was palpable; the chatter, the jokes, the laughs, meant the energy just shifted.” This, she says, opened up creative conversations and improvement discussions and some passion projects “even in the most quiet introverted team members.”

When to let go of an employee

Sometimes, even with everyone doing their best, things just don’t get better. Since replacing an employee can be expensive, it’s important to take a step back and assess the situation before making the decision to let them go.

One idea is to understand if the person is coachable or not. “Someone may not be coachable if they are not ready for or willing to make a change right now,” Hollis says. “Someone who is not coachable may be more reactionary than responsive, be argumentative, or not be willing to participate in the coaching relationship.”

If the coaching just isn’t working, it’s time to talk about it. “Check if the employee agrees and has suggestions — this is another chance for the employee to demonstrate a willingness to improve,” says Ceniza-Levine.

The meeting could also include HR, so the employee, manager, and HR could work together to explore alternative solutions. “Perhaps the role isn’t the right fit for the employee and they can be moved elsewhere,” Ceniza-Levine says. “Perhaps the role can be restructured to play to the employee’s strengths, if there is flexibility in the team to reassign roles.”

No matter the situation, the decision to terminate an employee should always be approached carefully and should never be rushed.

In cybersecurity, where burnout is high, CISOs need to be there for the employees who need them the most, Argyle says. He adds that the goal is to build a culture “that supports people before they reach the point of no return.”
