Like every big retailer -- and every big company -- Walmart faces plenty of challenges when it comes to cybersecurity. But if you ask Walmart Global Tech VP of security engineering Nick Givens about what is top of mind in terms of trends for the company, talent and recruitment are way up there.
“Talent in this field of cybersecurity is very scarce,” he says. “It’s in high demand, and it’s a very competitive landscape. We are in constant competition not only with companies within our own sector but with almost every company in general because today every company needs some type of cybersecurity element or focus to be successful.”
Walmart’s been part of that gold rush to hire cybersecurity pros. Givens says Walmart Global Tech, the technology organization within the retail giant, is looking to grow its practices in cloud security and data security particularly. In March 2022, Walmart announced that it would hire 5,000 tech pros in cybersecurity, software engineering, data science, and other specialties during 2022. The company has taken a couple of new and different steps to make it easier to recruit the talent it needs.
One of those is building out the concept of technology hubs. These are new physical locations in geographies beyond the company’s Bentonville, Arkansas headquarters. This is a newer concept for Walmart, which previously gone the more traditional route of concentrating talent in Bentonville. But the world of work is changing.
“We used to be very focused historically on bringing the talent to our headquarters in Northwest Arkansas, Bentonville,” Givens says. “But we started to learn and understand with the talent being so critical, we have to be able to also meet the talent where they are. That’s today’s landscape.”
Workers want to be able to stay where they live now rather than uprooting their lives, and they also may want to work from home -- or at least have those options available. Givens says that Walmart must be open and receptive to those workforce trends to be competitive. Walmart has reported that it has or is planning 17 technology hubs.
That’s why Givens, who has spent 20-plus years in Northwest Arkansas as a Walmart global tech employee, has now relocated to Atlanta where Walmart is investing in one of those tech hubs. Other locations for these technology hubs include Seattle, Dallas, Toronto, and Reston, Virginia. Building these hubs is mostly about attracting today’s talent, but it is also about building talent pipelines for future recruitment.
“We’re starting to try to build very strong partnerships and pipelines with educational institutions which will allow us over time to be able to influence programs, and be more active in programs,” Givens says.
Walmart is also looking to non-traditional pipelines for talent recruitment. For instance, some of these hub cities such as Atlanta may have programs that train candidates in tech bootcamps for software engineering or software development.
“Some of this talent may not have gone through college,” Givens said. But they can be trained in very specific disciplines in technology to join Walmart.
Mixed Signals in Tech Employment
Even as Walmart is building out its future investments to be competitive in technology talent recruitment, plenty of the tech giants out there are laying off huge numbers of tech employees. Most recently, Salesforce CEO Marc Benioff said in an email to employees, announcing a layoff of 10% of the workforce, that his company hired too many during the pandemic when revenue climbed because technology was a huge enabler for all industries and all business operations.
What about all the big tech company layoffs at companies such as Meta, Twitter, Amazon, and Salesforce? Is Walmart planning any layoffs? Is Walmart actively recruiting those individuals laid off by other tech giants?
Walmart laid off about 200 corporate employees in August 2022, but at this point the company has not indicated that it has plans for further layoffs.
In terms of recruiting talent from other big tech company layoffs, there’s not any formal program in place to go after that talent, Givens says. But that doesn’t mean they are not hiring those workers.
“We’re always keeping our eyes open for talent across the board … We’re very open to looking at those talent pools as well,” Givens says
For laid-off tech workers looking to get into Walmart, however, the best way to get that proverbial “foot in the door” is through networking. If you know someone who works or has worked at the company, it’s best to have them refer you, Givens says.
“We do put our postings out externally as well, but I say traditionally, a lot of the hiring happens through networking,” he says.
Givens himself is an example of one of those early pipelines Walmart set up through internships. He did an internship at Walmart back when he was a student at the University of Alabama. The internship was a positive experience for the company and Givens both. The introduction turned into a career when he joined Walmart full time after graduation, back when the big issue in the enterprise was getting ready for Y2K.
How Walmart’s Cybersecurity Practice Evolved
When Givens first joined Walmart as part of the cybersecurity initiatives, the organization was primarily focused on being an enabler, he says. The teams worked on administrating access and providing base-level protections against common known threats.
“The threat landscape was so different then. We were just heavily focused around the basics of security,” Givens says. Over time as the threat landscape has changed, the Walmart cybersecurity organization has also matured. Givens says there’s a big focus on proper training and cybersecurity awareness that both leaders and all associates at the company need.
“Cybersecurity is bigger than just having an organization that’s purposeful and driving it,” he says. “We need everyone to be a part of it to be successful.”
That’s why training has become a big part of what the cybersecurity group does at Walmart. For instance, Walmart tests its own training by sending fake phishing messages to associates. Do associates click the (fake) malicious link, or do they report it?
“If we find situations where associates don’t recognize the phishing attempt, it’s still a teaching and learning opportunity,” Givens says. “We will follow up with that associate and help them understand what actions they should have taken and how they could have identified it as a phishing email.”
Givens talks about how cybersecurity is becoming embedded in the business, and that's more important than ever before.
“We're here to build trust,” Givens says. “We want to make sure trust is at the forefront for not only our associates when they're doing their day to day, but also our customers. How you build trust is through security and through ensuring that proper security controls are in place.”