Tackling Cybersecurity Turnover: Best Practices to Retain Top Talent
The cybersecurity workforce gap is growing: Recent research
shows a shortfall of nearly three million skilled professionals worldwide. More worrisome? Almost 60 percent of companies surveyed said this gap puts them at “moderate or extreme” risk of cyber attacks.For organizations fortunate enough to have dedicated, experienced IT teams in-house it’s tempting to breathe a sigh of relief. But in a high-demand market, companies can’t afford to rest on their laurels — data from the International System Security Certification Consortium
(ISC)2 found that 46 percent of cybersecurity experts are contacted weekly by recruiters, even if they’re not actively looking for new jobs.The hard truth? It’s one thing to recruit top talent — it’s another to retain top-tier infosec staff. Here are four best practices to help tackle cybersecurity turnover.
Cybersecurity professionals with in-situ skills and workforce experience are in demand. Salary data
shows average compensation starting at $70,000 for infosec experts, with companies in some states paying over $95,000 for qualified security staff. It’s no surprise, then, that just 15 percent of cybersecurity workers have “no plans” to leave their current position. With their skills and experience needed everywhere
, it only makes sense to regularly evaluate other career options — and accept new offers if they’re substantially better than current opportunities. This sellers’ market creates a challenge for organizations: How do they keep top talent satisfied without neglecting other line-of-business obligations?
As noted by Iot For All
, cybersecurity environments are rapidly becoming more complex as always-connected devices and sprawling cloud networks make it impossible for traditional security solutions to protect IT infrastructure.For cybersecurity professionals, increased complexity leads to both increasing workplace stress and shrinking time to pursue new IT initiatives. Over time, greater complexity erodes staff engagement and makes them more receptive to outside offers from social media contacts or IT recruiters.The solution? Start by leveraging new technologies — such as cloud-based firewalls and real-time detection tools — to help reduce IT complexity. Also critical? Culture shifts that breed a shared responsibility for IT security, rather than placing the burden entirely on infosec pros.
Employee engagement drives productivity. Why? Because engaged staff members aren’t just in it for the paycheck — they care about the work they’re doing. According to HR Technologist
, engagement also improves employee retention, meaning companies spend less time and money finding, onboarding and training replacements.While there’s no single path to better engagement, a good starting point is autonomy: The ISC2 study notes that 68 percent of infosec pros want their opinions taken seriously.Day-to-day, this requires streamlined operations: Make it easy for IT staff to communicate and collaborate and opt for regular project check-ins over day-to-day micromanagement.
The cybersecurity market is deep and wide. Infosec expects can choose careers in data analysis, penetration testing, security design strategy and high-level information governance consulting — just to name a few. Achieving these career goals, however, requires both a clear understanding of necessary training requirements and access to in-demand certification courses.To address these workforce development demands, many organizations purchase large, unwieldy catalogs full of complex assessment criteria and confusing jargon — catalogs that are rarely used and barely functional. The result? Expectations that staff will self-develop career opportunities quickly vanish as cybersecurity pros perceive their current path as their only option in your organization.There’s a better way: Cybrary for Business
. This hands-on workforce development tool lets cybersecurity staff develop and share career paths using curated programs aligned to the NIST Cyber Security Workforce Framework and DoD 8140. The Cybrary solution also empowers staff to find their IT strengths with in-browser virtual learning environments and knowledge-based assessments. The result? Improved opportunities: Infosec staff can identify their preferred path, determine education and certification requirements and receive in-depth training to advance their career.
Cybersecurity is now a top priority for many organizations — as noted by Health Leaders Media
, it’s now the primary concern for healthcare IT pros. What does this mean for your company? That infosec staff needs all the support they can get.While budgetary support is key — specifically the recognition that spends on security helps save money from prevented
infosec events — there’s a greater need for C-Suite understanding of the direct business value associated with improved cybersecurity. Less downtime means more productivity, mitigated data breaches mean no PR nightmares, and improved network monitoring means better understanding of employee use patterns and potential internal threats. Put simply? Cybersecurity now underpins critical business outcomes. To retain top talent, C-suite support is critical.
Staying the Course
Cybersecurity professionals are in high demand, and they’ve got options — salaries are on the rise, recruiters are knocking
at the door and career paths are widening. Tackling turnover in this emerging market demands evolving best practices: Reduce IT complexity, enhance staff autonomy, provide better opportunities and improve C-suite support to retain top talent.