This episode features Pete Strouse, cybersecurity talent advisor and host of the Talent Gap Fireside Chat. Catch this episode on Apple, Spotify, Amazon, or YouTube.
In this episode of GRC Uncensored, we dig into one of the most pressing topics in the GRC world: hiring. Whether you're looking to land your first role in risk management, compliance, pure-play GRC, or you're trying to fill one, this candid conversation with cybersecurity recruiter Pete Strouse offers a peek behind-the-scenes view of what’s happening in the job market.
Pete brings over a decade of experience placing top talent in security and GRC roles, and he doesn’t shy away from uncomfortable truths: automation is reshaping the market, entry-level roles are vanishing, and hiring managers are too often chasing unicorns.
The Reality of GRC Recruiting Today
“GRC is not something people dream about doing as a kid,” Pete jokes, but it’s become a stable and essential function for security teams across industries. That said, it’s also one of the hardest areas to break into, especially now.
“I’ve never seen hiring for GRC this slow in the last decade.”
While demand for GRC talent surged in years past, Pete says it's cooled significantly due to factors like:
Compliance automation platforms reducing the need for human auditors
Cost pressures leading to offshoring and smaller teams
Private equity ownership pushing firms toward leaner operations
Entry-Level Roles Are Drying Up
Despite constant chatter about a cybersecurity skills shortage, Pete debunks the idea that there's a hiring crisis in GRC.
“One bootcamp had 20,000 trained people all competing for 50 open jobs. That’s a 400-to-1 mismatch.”
The harsh reality? GRC isn’t immune to the same systemic hiring issues seen across tech:
Job descriptions asking for 3–5 years of experience at the entry level
Companies favor direct competitors over coachable, high-potential hires
Automation and AI tools are replacing junior roles, especially in audit and SOC work
For candidates just starting out, Pete’s advice is simple: optimize your LinkedIn profile with relevant keywords so you actually show up in recruiter searches. For more context, in most cases, Pete looks at LinkedIn before he ever sees a resume.
It’s Not About Letters After Your Name
When asked what makes someone stand out, Pete doesn’t mention certifications, MBAs, or a CISSP.
“What matters more than credentials is how you show up; are you humble, coachable, and genuinely motivated?”
Red flags for him include:
Misspellings (especially “HIPPA”)
Ego or entitlement during the first conversation
Leading with “What’s the salary?” before anything else
Instead, Pete looks for:
Strong communication skills
A clear sense of career direction
Internal motivation and curiosity
Behind the Curtain: How Recruiters Really Work
Forget blasting out your resume; Pete rarely even reads them.
“Most of the time I’m sourcing people through LinkedIn, and I don’t even look at resumes unless it gets serious.”
Pete walks through his exact approach:
Start with past candidates or referrals from his network
Use highly targeted Boolean search terms in LinkedIn Recruiter
Filter by company and job title, not by keywords alone
And no, he’s not sending mass emails.
“Every single person I contact, I’ve reviewed their profile. I don’t want to look silly.”
Advice for Job Seekers and Hiring Managers
Whether you're on the market or building a team, Pete offers tailored guidance to both sides:
For Job Seekers:
Be discoverable: Add frameworks, tools, and responsibilities you’ve worked with to your profile.
Be realistic: If you're early in your career, focus on transferable skills, not perfect alignment.
Network intentionally: Join local ISACA, ISSA, or (ISC)² chapters and actually talk to people.
“Visibility and keywords get you found. Your network gets you hired.”
For Hiring Managers:
Be open-minded: Don’t assume internal candidates are less capable than consulting veterans.
Don’t chase unicorns: A long wishlist in a slow hiring market helps no one.
Think long-term: Hire for growth potential, not just immediate need.
“Hiring based only on today’s needs ignores tomorrow’s risk.”
This week’s episode is not designed to discourage others from joining the GRC space, but to bring some reality into the mix. The market is shifting. Expectations are changing. And both sides, candidates and employers, need to meet in the middle to build lasting, productive teams.
🎧 Listen to the full episode of GRC Uncensored wherever you get your podcasts.
Share this post