Eero from Relancer (00:00) Welcome to the Relancer podcast, where we talk about talent acquisition topics. I'm Eero, the co-founder of Relancer, the platform where employers connect with freelancer recruiters. Today, we have Andjela, and we will be talking about how to recruit in cybersecurity. Welcome, Andjela. Andjela (00:19) Hi, Eero. Nice to see you. Thank you for inviting me. Eero from Relancer (00:25) Yeah, actually, there's a quite long history, in a way long history, behind us. When we started Relancer, before that we were relocating talent from different countries and then at one point we started to use external partners for that, local recruiters and then we had like five partners and Andjela was one of them. Andjela (00:48) Yes, and we started actually collaborating together in 2019. Eero from Relancer (00:53) Yeah, something like that. When we started Relancer, we had five recruiters on the list. And you were one of them. So you're the first recruiter in Relancer. So that's super cool, I think. Andjela (01:00) I was one of them. Yeah, it is. And we actually had a really great journey together. So while the Relancer was growing, I was also growing. So that was the career path for all of us together. Eero from Relancer (01:24) Yeah. So I'm doing this for every guest I have. I'm snooping to see what they have on LinkedIn. So I learned something interesting, you have education in media and communications and did you start to become like a journalist or you were at least an intern in journalism? Andjela (01:47) That's a really good point. So I graduated media communications and actually my degree is a PR manager. So since I was deciding, should I be a journalist or should I be a PR, I started the internship as a journalist. I decided immediately that I don't want to be a journalist. And then let's say I opened my PR agency, hoping that I will become one of the biggest PR managers in Serbia. And actually, I was on a good way, but not that good because I was too young. So I organized a couple of PR events in Belgrade, also starting to fight my own internal fights, like should I go to event planning or PR management because I wasn't able to separate those two things clearly. And then I actually decided to... do the master studies for project management. I am a certified IPMI project manager. That's how I actually ended up in recruitment. Because actually I started working as a PR manager, beginning of 2017, end of 2016, something like that, for one recruitment agency in Netherlands. Then after two months, working as a project manager, I became a recruiter by accident because I was really curious what the recruiters are doing. And then I started first of all with sourcing, interviewing, and in a really short period of time, I found myself there. And I'm here still, right? Not planning to change my career. Eero from Relancer (03:26) Andjela (03:43) And during this wonderful journey of more than eight years right now, I am working all the time in cybersecurity. I passed various vendors, had them as my clients, for some of them even worked directly as an interim recruiter. And right now I'm also working for one of the cybersecurity vendors. So yeah, long story short: Eero from Relancer (03:53) Andjela (04:11) cybersecurity recruiter and right now an HR manager as well. Eero from Relancer (04:17) It's a happy accident. Everybody accidentally ends up in recruiting so far, we'll see. If I find somebody who intentionally ended up in recruiting, I will let you know. Andjela (04:20) Happy accident. That will be a challenge. Eero from Relancer (04:36) Yeah, I do know that people, at least in here in Estonia, we have now education in HR, like HR management and so on. But recruiting specifically, I'm not sure if this is somehow like educationally covered. Andjela (04:51) Exactly. And it doesn't exist as an education. And if you ask me, it should exist because I think that recruitment, it's a really big discipline, which should be researched on a really good level because it is a part, observed as a part of HR but it's completely different thing than HR. Eero from Relancer (05:15) Maybe it's good. It's a good opportunity for me then. I'm thinking to start a knowledge base to educate people on talent acquisition. Of course, it's for the industry experts. We're going to do some more advanced stuff, not for beginners. But yeah, maybe we can cover something. Andjela (05:33) New Relancer project, Relancer Eero from Relancer (05:36) Yeah, yeah. Andjela (05:37) I am applying to be one of the first professors. Eero from Relancer (05:42) So yeah, I understand that you're in how did you end up in there? It's in a way super specific or niche compared to traditional software development. Andjela (05:55) It is deeply niched. I actually came to this niche at the early stage of my career. As I said, I started working for a recruitment agency, a Dutch one, which has been dealing only with exclusive hiring for cybersecurity vendors. So I immediately jumped into the hardest shoes of cybersecurity recruiter. And I think that was a good move. Because in particular in cybersecurity, you don't have a lot of recruiters. So that's an industry where even recruiter needs to be a technical person. And when I say technical person, I, of course, don't mean that we are coding things. But you need to have a deep understanding about every possible technical role. And I'm not talking here about the classical development roles like Java developers, C++, and so on and so forth. I mean, like knowing the difference between blue team, red team, purple team, what is attack, what is defense, what the ethical hacker is doing, what CTI analyst is And to be able to understand all of those technical formalities and being able to understand while you are interviewing a person. Is he a defensive or offensive engineer? You need to understand how the whole OZ model works and how all sub domains of cybersecurity work like network security, cloud security, XDI and et cetera. So you need to be... particularly oriented to deeply understand your industry and that's cybersecurity and all the aspects within the industry and all the roles so you can be successful in it. Otherwise, you will just turn around and yeah, trying to catch up some things. But on the other hand, I am not saying that classical IT recruitment of developers. It's not that hard as well because it is, you have to understand those development positions. I mean, I had the chance to recruit developers as well for a long period of time. It has some similarities, but on the other hand, let's say those are the specific things related to cybersecurity recruitment and also particularly for the sales teams. Since sales teams are the crucial teams within the cybersecurity landscape. Even though those are not technical positions, they are really hard to recruit. Because first of all, you have a limited pool of talents. And I'm not saying here that you have few people, you have thousands of them. But on the other hand, that's still not that big as a pool, for example, of Java developers where you have a lot of them. So you need to have a certain techniques, a special approach. and everything so you can attract them. Eero from Relancer (09:04) Yeah, definitely. I was thinking, people have made these like, what do the tech terms mean for recruiters so they can understand better. There's a difference between Java and JavaScript. Is there anything else like that in cyber security has somebody done? What is the red team, what is blue team and so on? Is there anything like that out there? Andjela (09:29) There is so many things. And, and as you said, what is the difference between Java and JavaScript? It's what is the difference between Java and JavaScript. It is what is the difference between Java 8 and Java 11, you So it is like that within the cybersecurity. So you, you need to understand first of all, the difference between network security, cloud security. threat intelligence, identity and access management, and all of those things. And as you referred to blue team and red team, blue team is a defensive team, red team it's offensive team. Purple team, let's call it the combination of those two, from this general language perspective. Maybe the purple team is the hardest to recruit, I would say. Eero from Relancer (10:22) So you already mentioned that the recruiter has to know stuff, has to understand the industry, of course, has to understand the roles, and there is, like you mentioned, less talent, because they have to have this specific background. How is recruiting cyber security roles different from recruiting traditional software development roles? For somebody, they would think, okay, they're developers, or technical also, it's gonna be similar, how is it different? Andjela (10:48) It's different, first of all, because you have a special education for cybersecurity. First of all, we should separate the technical and non-technical positions within the cybersecurity landscape. For the technical positions, you have a certain educational background that those people are passing, like university studies for cybersecurity. And then after that, the technical guys are going over the certification programs, like certified ethical hacker, that is SAC certification. Then they have OCCP, let's say offensive security ethical hacker. And then they have so many certificates that they should and can get. So when I say should, I mean in most of the cases they should have those certificates, so they can be able to deeply understand scope of their responsibilities, their work and be prepared, to work on the vendor landscape, reseller or customer, it doesn't matter. But on the other hand, during their career, career progression, they're also gathering a lot of certificates. So for example, in the classical development roles, as I already mentioned, yes, okay, you have a new release of Java and you are not going to get certified for that new release of Java. You are learning it by working. But for the cybersecurity, for the technical roles, you are constantly getting new certificates because there are constant new updates and also you are constantly growing in your career. On the other hand, becoming a senior within cybersecurity, it takes a little bit longer than becoming a senior in the development positions. For the non-technical positions for the sales roles, you are starting usually from an inside sales or sales development representative roles. And then you're continuing to grow through the channel to the field sales. And then on the field sales, you are segmenting people. Are they account managers or they're key account managers dealing with some key accounts or they are a major account managers dealing with some named accounts, just a few of them, or they are global account managers, meaning dealing with the global accounts or they are sales directors and then you have to take into the consideration the sales director, if that means that he is a director leading the team and managing the people, or he is a director in a sense of... leading just a few named accounts and being director for only those particular accounts. So those are all the things that you as a recruiter need to be able to recognize based on the LinkedIn profile as the starting point and then let's say based on the resume as well. So yes to answer your question there are certain differences between the classic IT roles and cybersecurity. Eero from Relancer (13:58) You mentioned education, there are a lot of traditional software developers who never graduated. For example, our CTO, he went to school, learned a little bit, started working and then he was like, okay I'm learning faster. No point in finishing this school. How many are self taught or you must have education, how's that part? Andjela (14:20) Let's look at it from the movie perspective. All of those, let's say black hat ethical hackers, in most cases, they don't have any educational background, right? Some kids who entered a PC recognize how they can break some system, enter the system, steal some data and so on and so forth. But that I would call that a natural talent. Let's call it like that. So you can have a natural talent. You don't need to have an education. It's not a must. Eero from Relancer (14:30) The movies, yes. Andjela (14:50) But on the other hand, if you don't have certificates, and if you don't have a certain practice, it's really hard that you will become a cybersecurity technical person. Like I'm talking here about the CTI analyst, SOC analyst, ethical hacker, or penetration tester. So for those kind of things, you actually need to have some sort of at least certificate. And also, because of the... constant updates, literally constant updates. And let's take the penetration testing. So you're constantly testing something. It's like a QA engineer, right? So you are testing the software before the production phase. And in this case, the penetration tester is constantly finding bugs and fixing bugs. Definitely you need to have at least some base. It doesn't need to be university studies, of course, but it should be some certificates. Eero from Relancer (15:53) So we had a client, it wasn't a cybersecurity company, but they basically had, so we did RPO for them. And so we sent some recruiters to work for the company and they had some clients in the US. So they had to get their computers to work in a safe environment. What limitations are there in remote work when you work with cybersecurity? How does it work? Andjela (16:17) There should be actually a demand for all companies who have a remote working structure. Because cybersecurity, it's something much bigger than limited only to a cybersecurity space, right? So if you are a remote worker of a company, you should have security systems, defending security systems on your company PC. So the company data can be secured. I mean, right now I'm potentially selling the product of our company as well with this speech. But I definitely think that every company PC, and not only company PC, the private PC also needs to have some security systems. Because first of all, that way you are securing yourself from the attacks from the outside of the organization. And we all know how valuable data is these days, right? So if you do not have security systems in your company PCs, and especially if you are working for a cybersecurity company, all of your employees need to have certain defending systems installed on their company PCs. So in the first place in that way, you are securing company data. You are showing also the social responsibility, meaning like, we are a cyber security company. Just imagine if we are not preventing external attacks internally. I mean, we have zero social responsibility and how anyone will buy our product. Right? So that's why all the people who are working within the cyber security industry, they have internal security softwares installed on their PCs. And then also apart from that, Eero from Relancer (17:46) Andjela (18:06) password manager, I would say, as one of the most important tools that everyone should have. And that's also a security system. And on the other hand, the VPNs. Eero from Relancer (18:18) So it is common to do remote work in cybersecurity, working for a cybersecurity company? Andjela (18:22) Yes, I am working all the time remotely, all the time having internal company security systems installed on the business PCs and without any issues. Eero from Relancer (18:35) That always makes it a little bit easier to get new talent. So what are some effective strategies to attract talent in cybersecurity? How do you get talent? Andjela (18:47) That's a good point. So first of all, you need to have a good pitch. So as a recruiter, we are at the first place. I'm calling us all the time a marketeer, brand manager, interviewer, HR, psychologist, all in one. So you need to have a good approach. You need to have a catchy, fully personalized message that you will showcase to the person that you are reaching out to, that you actually know what they are doing. Unfortunately, I had several times situations from some of my colleagues where I was approached for the role of a security analyst. And I was like, did you ever stop on my LinkedIn profile? Look at what I'm doing. I mean, I know that I'm showing up in your search when you type in cyber security, but at least read the title. So if you show them that you definitely read their profile and you are reaching out to them for the right role, and also you personalized your message, they will at least reply back even though if they are not interested. And I'm talking here mostly about the non-technical positions like the sales department, because those people are used to being on LinkedIn all the time because LinkedIn is their first choice for finding their ideal customer persona and for all the lead generation and everything that they are doing. So they are quite responsive. Also, you are building a community around you. So you are building yourself as a brand, building the community around you of those qualified people and building a strong relationship with all of them. Every time you are not closing the door, meaning like if you have someone who is not interested in the role right now, and he just replies, no, thank you, I'm not interested now. You're not leaving that person without the response from your side. You're paying attention to it and just responding like, thank you so much for your reply, I will be more than happy to stay in touch for the future if that's okay with you, for example. And they always reply back like, yes, of course, let's keep in touch. Then you are sending a connection request. If you didn't send it before connecting with them on LinkedIn, constantly posting something about the company, the environment that you are recruiting for. If you are an agency recruiter, you are reposting some, let's say, content from the companies that you are working for, from your clients, also boosting that audience, right? So those are some of the main strategies that you can work on. Eero from Relancer (21:37) What do they care about? So you have to have a good pitch. What should you include? What is the selling points in cyber security? Andjela (21:44) First of all, you need to have a good product. So if you're working for a product company, I mean for a vendor in cybersecurity, which is at the top of the pyramid. So if you are working for a vendor, you need to have a good product. And that product will be able to sell itself meaning that if you are a recruiter and you are mentioning the product of your vendor and you know and you believe in your product and you are able to convince the people that your product is worth their attention and worth to consider working for your company. That's all that you need. On the other hand if you are working for example for a distributor or reseller, they are having plenty of products in their portfolio. So plenty of vendor products, right? So I would say that in that case, you are catching those people with an explanation regarding what are the products that we are covering from which vendors. And also, let's say, some unique selling points from the company perspective, like some kind of benefits, remote working environment, work-life balance, and those kind of things. And than if you are an end customer, like a bank, for example, because right now every end customer has their own security department. Those unique selling points are at the first place, size of the team, size of responsibilities, and also is it bank well known or not? Does it have potential on the market, for example? What is the, I don't know, some approach to the market and the scope of responsibilities and the career path, how they can progress. Because for example, on the end customer side, you don't have non-technical cybersecurity positions. So the sales cybersecurity positions exist only on the landscape of the vendor, reseller and distributor and also on the managed service providers. But at the end customer like banks and retail, oil and gas and those kinds of things, you have only technical positions. Eero from Relancer (24:03) Do you have any hope if you have an average product? Andjela (24:05) We don't have an average product. We have an extraordinary product. You have, you have, you have. It's not like you don't have a chance. It's just like you need to give a hope to the people that they can progress because at the end of the day it's all about the progress, right? Eero from Relancer (24:08) I mean, not you, but if somebody has an average product and they still need to hire. Andjela (24:30) I mean, don't lie each other. We are all living for some prosperity, good work-life balance and having enough money to pay our bills and eat something, right? So, with all of those things matching, yes, every company can find talent. I'm not saying that it's easy. But yes, even if you don't have an extraordinary product, you can, you can find people. If you cannot, you are engaging a recruiter who can help you do it. Eero from Relancer (25:07) definitely. So we talk about how the talent in cybersecurity has to have certification, the right background, and so on. So employer branding must be a very important part of that. How to become the employer of choice in cybersecurity? Andjela (25:26) To become the employer of choice, you need to combine different techniques. And that's actually a really good point. Again, everything starts from the product. So if you have a good product, which is recognized on the market as a good, valuable, qualified product, where... You know, what is the thing? So in the cybersecurity industry, people are aware of all the new names, right? Because they are constantly reading, keeping themselves up to date. And then if there is a new vendor on the market, they will all do the research to figure out what is happening and who that company, what they are doing and so on and so forth. There are rare cases where, let's say, for example, you're so small or you just entered the market and nobody knows about you, but then since you have a good product, you just make the explosion on the market and starts reading like, okay, who are these guys, what are they doing. And then that's the way how you spread the word about your company and the public. On the other hand, that's one way how you can do it. On the other hand, in parallel, even though you are starting as a small startup, growing into an enterprise or not growing into an enterprise, growing in some sustainable growth, right? Being still a startup, keeping the startup mindset. You need to take care of your internal team members, right? You need to make them feel super positive that they are working for you so they can start spreading that good word about the company culture, about the potential, career progression within the company, also regarding the benefits. The last thing is salaries. Cyber security in general has a little bit higher salaries than any other IT industry. With those salaries, you are fighting to be competitive on the market and to be able to attract the talent. Eero from Relancer (27:32) Employer brand, of course, it starts from product. So if you're an early stage startup, if you have a great product, that's good. And that's super good if people really research about it. So basically when you reach out, they might already know you. And if they already know how good the product is, it can be much easier. But it's super important then to have a good candidate experience, because the client pool is limited. You have to provide Andjela (27:47) Eero from Relancer (27:59) good Of course, you have to come back to the same talent all the time, in a way. But also, in a close community, a small community, people talk, so you have to be super careful. Otherwise, you can probably mess it up. Andjela (28:13) Exactly. Especially in sales teams, for example, it might happen to you that you are talking with the same person for three different So you spoke to him, for example, five years ago about one company, it didn't work out, or he decided to quit or whatever happened, but you know that he is qualified. And then let's say you are reaching out to him, a year after, for example, for another vendor. He doesn't like it, but you agreed to stay in touch. And then the third time, you reach out to him, and he says, OK, this looks interesting. You know that he is qualified. You are putting him in the process immediately, and he gets the job. I mean, it doesn't mean that it will be the third time. It might be. In most of the cases, it's the first time, right? Because you are choosing who to reach out. But in some cases, because I had so many cases where I believe that the person is good. But the management thinks like, maybe we can find someone better or some things don't work like salary expectations and those kinds of things. But if you know, you are sure, you have your feeling that guy it's good and qualified, please do not limit here to guys, lady, whoever, so males or females. You need to keep the good relationship with that person. Because if it's not now, it might be in three, five, seven, 10 years. But that's your personal connection. And you know how great it is when you reach out to some of your previous candidates where you already had a contact with, and you just send a message and they immediately respond like, hey, Andjela, it's so good to hear back from you what do you have to offer right now? Eero from Relancer (30:04) Andjela (30:06) I don't know for other recruiters, but for myself, that's my biggest success. And that's actually something that I am living for because that's the most positive side of recruitment. When people come to me, they respond to my message like, hey, long time no see, what happened? What do you have to offer right now? Or if I'm not approaching them because I don't have anything right now, and they decided... to switch their career, to change their job. They are reaching out like, hey, I remember our last conversation, do you have something to offer? That's the biggest recruiter success. When you have people responding to your messages positively and also when you have people reaching out to you for the role. Eero from Relancer (30:43) Yeah, it's about relationship building. Andjela (30:55) Exactly, exactly. The recruitment and sales are such related disciplines. Eero from Relancer (31:02) So what are the most common countries, where to find cybersecurity talent, like if you want to look abroad or find them from another country? Andjela (31:13) That's a good point. As we all know, cybersecurity is the biggest industry in North America. Then on the other hand, we have Israel as the biggest state, biggest country, and biggest potential for cybersecurity vendors. On the other hand, we have Netherlands as the... biggest country within Europe with the cybersecurity talents, UK and Germany as well. And then of course, you are able to find, let's say, good talents in the Asia Pacific side, in the APAC side, especially in India, because most of the vendors are outsourcing their teams to India. And right now, recently, that region, it's becoming bigger so right now we have some cybersecurity talents in Indonesia and in the asPhilippines as well as in Europe it becomes a bigger picture so it's not only for example in Netherlands, it's the whole Benelux it's the whole DACH region, there is Nordics as well there is France, there is Italy and so on so forth so Europe in general becomes really popular for cyber security. Eero from Relancer (32:35) Yeah, how interesting. In general, what I have seen is there are like these startup accelerators coming up that are specifically focusing on cybersecurity I think that means that it's getting bigger and bigger and then there are huge opportunities in cybersecurity. Andjela (32:54) Yes, that's definitely the fastest growing industry. And I think the industry with the biggest potential because eventually at the end of the day, we will all need cybersecurity. It will become as a physical security because everything is online, right? We are all online. I mean, you and I, we're using Facebook and Instagram, right? And okay, maybe we're using it from our phones and thinking like nothing is gonna happen. But... It's not that I mean, we are all aware of what is happening and also with the progress of the AI. And I'm pretty sure that sooner or later, people will become aware that cybersecurity is the vital part and that actually everyone needs it. And it doesn't matter, is it on your business laptop or on your private. Eero from Relancer (33:42) Yeah, it's also hidden in a way. I was definitely one of the early users of computers becoming publicly used, maybe, because I'm quite young Andjela (34:00) Eero from Relancer (34:01) But when there was Windows 95 or whatever, there were a lot of viruses, stuff like that. You had to be super careful. Nowadays, of course, you need to be still careful, but there is a lot of... Andjela (34:09) At least you have a firewall. Eero from Relancer (34:17) Yeah, nowadays it's quite protected already on the background that you don't maybe have to know so much, but in the past, you had to be very conscious because there wasn't out there so much security involved and of course with all the new technologies there are going to be a lot of holes and stuff that can happen so it's definitely always Andjela (34:31) Eero from Relancer (34:42) So maybe there was one interesting thing. We haven't covered it yet, but what are the main channels to find cybersecurity talent? And I think in that way, it's a little bit different that you mentioned. The LinkedIn is the main source. It's not very common for software development to find a lot of talent on the LinkedIn. Andjela (35:00) You can still find a lot of software developers on LinkedIn, but most of them, let's say, you can also find on other, tools and searching through the Google X with the Boolean strings. But for the cybersecurity positions, and it doesn't matter if they're technical or non-technical positions, most of them, when I say most of them, I mean, more than 90% are already on LinkedIn. And the reason for that, it's, let's say, because you are fighting to progress. You are trying to build connections, meaning that you can be able to jump to another company. You would like to be visible to recruiters, even though, like, for example, when you are a seller in the cybersecurity industry and you are receiving on a daily basis sometimes more than five requests from recruiters for having an interview with them. You still would like to be visible for at the first place, because if you are a seller, and here it doesn't matter are you working in cybersecurity or not, or in any other industry. If you are a seller and you are selling a product online, you have a SaaS product. You need to have LinkedIn profile because that's your... main point of contact with all of your customers. And then from the sales perspective of the cybersecurity, they're all on LinkedIn, because if they don't have LinkedIn, it's like they don't even exist. And then let's say for the sales guys, you are fighting to get their attention because it might happen for some great guy or a girl that I will be the fifth recruiter during the day to reach out to them. Eero from Relancer (36:35) Andjela (36:49) So I need to be innovative and I need to make them respond. On the other hand, for the technical positions, somehow they are all there. Also, maybe not all of them, maybe some of them are not, but in most of the cases, I actually never had any problem finding cybersecurity talent on LinkedIn. So I would say that from my side, LinkedIn, it's my main source, but I'm not limiting myself only to a LinkedIn reach out. That's also the thing. So I am reaching out to them via LinkedIn, but then I am also reaching out to them via email or sometimes even cold calling as well. So different methods of reaching out, but LinkedIn is a main source for sourcing. Eero from Relancer (37:39) So how's the career progression in cybersecurity? Like in one company, you mentioned that they all want to progress. Like, of course, the fastest way to progress usually is to change the company, to get a higher salary, is to change the company. And then I think nowadays, if you see why young people are changing so often jobs, of course, they're looking around. They want to... try new things, but one of the ways to always progress is to change jobs. How is it in cybersecurity? Do they like progress in the company? Do they stay longer or they change the job often? Andjela (38:17) That depends on the person. I can tell you that first of all, from the technical roles, you can start as a junior and progress within the company to a senior role. And that depends only on the company who employed you, where you are working on, and also on that progress happen or not. I mean, normally the progress happens because those guys are always trying to develop themselves. On the other hand, it depends on you. So if you are someone who likes to change jobs often and do maybe some different things from time to time, then you will change your job every two, three years. Sometimes even we have some people who are changing jobs every year. But for the sales team, for example, that's really as a standard. So the seller is not successful if he is not able to stay in the company for at least three years because first of all, during the first year, you are getting onboarded, you are getting in touch with the customers, you are just ramping up. You can say that you are able to sell the product properly, reach out to your customers and so on and so forth after the first six months. So I would say that first year is your ramp-up period. There are really rare cases where the person is fully up to speed, meaning that he's reaching his target during a period of one, less than one year. Eero from Relancer (39:51) Andjela (39:59) Then in the second year, you are striving to reach your target and overachieve as well, because in most of the cases, cybersecurity companies, especially vendors, are having president's clubs. And those are some things that sellers are striving for, because it's kind of a power. If you're a part of the president's club, you can put that on your LinkedIn profile. You can share it with everyone. Eero from Relancer (40:18) Andjela (40:22) So you have some wonderful prizes, like some luxury vacations with your family and those kinds of things. And then in the third year, you are on some sustainable level, let's call it that. You already know your customers, you have a significant amount of renewals and you are able to do new business as well. And again, achieve or not achieve your target. So in most of the cases, sellers are staying longer than three years within the company. We have even some situations. I mean, I had them at one of my Eero from Relancer (40:34) Andjela (40:51) previous companies and vendors, I had situations and that's really symptomatic for them where people have been staying with them for 25 years. And that's as from the very first day when the company has been established almost. So how long the seller would stay in the company reflects on how good as a sales person he or she is, but also it reflects how rational targets are and how good the company culture is. Because it might happen that you made a mistake and you will switch your job after a year. And it might be several cases. So it might be several reasons. It might be like you made a mistake because the company is not what you have been looking for. Or it might be that the target is so high. Or it might be that simply it didn't work out. Eero from Relancer (41:22) Andjela (41:45) Or at the end of the day, it might be that there is another vendor, another smart recruiter reaching out to you with a higher salary, additional days of vacation, and then you will reconsider it and maybe move. So it's allowed to move after a year, but it's not allowed to be jumpy, meaning like you're switching the job every one year. Because, that looks, from a recruiter perspective, that looks like, okay, this guy is maybe not achieving his targets. Eero from Relancer (42:16) How big is the bonus as part of the salary? Because, of course, in the first year, you're basically building your client pool, you're getting to know how to sell your building relationships. And then if there is a bonus scheme, or even if there is, like you said, vacations, whatever involved. So you're working the first year to get to the point that you're actually getting those bonuses or benefits or whatever. And then when you get it, of course, it makes sense to stay. Andjela (42:44) So the thing is, let's say within the cybersecurity, sellers are working on the on target earning plan, most famous as an OTE plan. So they have certain splits between their base and the commission. So from this sales perspective within the cybersecurity, the bonus part, which is known as a bonus, it's named commission. And there are certain splits, like for example, in the field sales, it's usually 50-50 split. So 50% of your OT, it's your base, 50% it's your commission. Then for the channel, it's a different split. For the solutions engineers, it's a different split. So those are, let's say, the aspects that company is making decision internally. But there are some industry standards within the sales team that most of the vendors, resellers and distributors are respecting in regards of the OT split but that's the way how they work. So they're all compensated based on the own target earning plan. Eero from Relancer (43:41) Yeah, in that case, it's interesting. In some areas in recruiting, if people have stayed for a long time, sometimes people think, OK, they have stayed too long. They get comfortable and so on. But maybe in sales, you always think, OK, they're probably doing well because they're kept around. And also, they're probably making good money on that side that they don't want to leave. So that might be a good sign. Andjela (44:10) You know also what there is. So the sellers are usually sharing their accomplishments on their resumes and LinkedIn profiles. And if there are significant achievements from their side within the company, they will mention it in the job description that will be there for sure. And that makes our life maybe a little bit easier. But let's say on the other hand, it's not that much easier because we still have to recognize Eero from Relancer (44:25) Andjela (44:39) which seller is covering which aspect. So is it the enterprise accounts? Is it only named accounts? Is it renewals? Is it MSSP? Is it this? Is it that? So a lot of tricky parts. Eero from Relancer (44:53) Yeah. So that's it for episode four of Relancer Podcast. If you liked this episode, feel free to subscribe and share it. Thank you for tuning in. I hope to see you in the next one. Andjela (45:07) Thank you, Ero, for inviting me once again. And bye to everyone.