Itfy.in

At Itfy, we are dedicated to revolutionizing the way you receive news. Our mission is to provide timely, accurate, and personalized news updates using cutting-edge AI technology. Stay informed, stay ahead with us.


TCS’ Gavin McPaul: Penetration Testing Career Blueprint

By Sanjeev Sarma
February 20, 2026

The myth of the lone hacker is just that – a myth. What matters in modern cybersecurity is the ability to turn individual curiosity into collective capability, and to do so where people live, not just where big firms cluster.

Signal
I recently read a profile of Gavin McPaul, head of enterprise vulnerability management at TCS, who traces a fast-moving career from a college degree in computer security and digital forensics to leading an offensive security practice spread across the US, Ireland and India – all while remaining based in Donegal. Two themes stood out: curiosity-led skill growth, and the deliberate creation of collaborative systems that scale individual knowledge.

Analysis – why this matters to CTOs and founders
Gavin’s story is valuable because it reframes three common assumptions in enterprise security hiring and capability-building:

1. Talent is portable but ecosystems are not.
Yes, skilled engineers move. But what keeps them engaged – and what scales capability – is a local ecosystem: university clubs, meetups, mentoring, and a culture that rewards knowledge-sharing. For enterprises, this means investing in the social fabric around technical roles (sponsoring local CTFs, supporting university societies, creating learning cohorts) delivers more long-term value than simply buying training seats.

2. Curiosity beats credentials – but both matter.
Degrees and certifications provide entry signals, but what differentiates a high-performer in offensive security is demonstrable curiosity: personal projects, CTF participation, public writing, or contributions to OWASP and similar communities. As a hiring practice, move beyond résumé scanning: require a small practical task, evaluate an applicant’s GitHub/CTF record, or fund a short paid internship as a try-before-you-hire.

3. Distributed teams need deliberate collaboration patterns.
Gavin turned diverse working methods into a central collaboration space that benefited new joiners and accelerated onboarding. That’s an architectural decision for people: central knowledge repositories, documented playbooks, standard test environments, and rotating shadowing programs reduce variance and technical debt. Architect your onboarding and knowledge flow the same way you design your systems – with redundancy, versioning, and observability.

Concrete actions for leaders
– Build low-cost, high-value pipelines: sponsor campus societies, host local CTFs, and fund paid summer internships. These are cheaper and more effective than many external hiring channels.
– Standardize a “lab-first” onboarding: containerised vulnerable apps, replayable test cases, and an internal OWASP-style checklist make new hires productive in weeks rather than months.
– Evaluate for curiosity: incorporate practical mini-takehomes (hack a simple app, write a short postmortem) as part of interviews.
– Invest in a single source of truth: a searchable collaboration space with playbooks, recordings, and an FAQ for recurring issues.
– Balance “build vs buy” for training: buy vendor courses for baseline compliance, but build internal, scenario-based training for the real threats your systems face.

A Northeast India note – when it’s relevant
There’s a clear parallel between Donegal and many parts of Northeast India: regional talent exists, but so does the risk of brain drain when local opportunities are limited. I’ve seen the same leverage points work here – university societies, regional STPI initiatives, and locally-run CTFs – to retain and grow cybersecurity talent without forcing everyone into coastal metros. For policy makers and enterprise leaders in the region, the priority is creating paid, meaningful entry points to convert curiosity into careers.

Takeaways
– Culture and collaboration scale security more than headcount alone.
– Hire for curiosity; validate with practical work.
– Make skills portable locally: labs, internships, and campus engagement are your best ROI.
– Treat onboarding and playbooks as architecture – version-controlled, observable, and reusable.

Closing thought
Technical talent begins with curiosity; what turns curiosity into enterprise-grade capability is the architecture around people – the mentorship, playbooks, and local opportunities that let learning compound. That’s where leaders should invest.

About the Author
Sanjeev Sarma is the Founder Director of Webx Technologies Private Limited, a leading Technology Consulting firm with over two decades of experience. A seasoned technology strategist and Chief Software Architect, he specializes in Enterprise Software Architecture, Cloud-Native Applications, AI-Driven Platforms, and Mobile-First Solutions. Recognized as a “Technology Hero” by Microsoft for his pioneering work in e-Governance, Sanjeev actively advises state and central technology committees, including the Advisory Board for Software Technology Parks of India (STPI) across multiple Northeast Indian states. He is also the Managing Editor for Mahabahu.com, an international journal. Passionate about fostering innovation, he actively mentors aspiring entrepreneurs and leads transformative digital solutions for enterprises and government sectors from his base in Northeast India.

Copyright 2026 — Itfy.in. All rights reserved.