10 ways to increase retention of cybersecurity talent

Once you find the right people for these critical cybersecurity roles, how do you ensure they don’t leave? Over half (56%) of respondents reported have problems retaining talent It is included in the 2023 State of Cybersecurity Report by the professional association ISACA.

“Many cyberworkers are not only doing their jobs, but also covering other vacant or unfilled positions in the workforce,” said Erin Weiss Kaya, a senior associate at a consulting firm. booze allen hamiltonhe told InformationWeek.

As the onslaught of cyber threats increases in volume and sophistication, taking on additional workloads with limited resources is a perfect recipe for burnout. And burnout is a well-known trend in the cybersecurity field.

When people feel overworked or undervalued, they’re probably ready to job search. Cybersecurity talent is in such high demand that the search probably won’t take long. “Skilled workers in cyberspace are receiving calls for new opportunities on a weekly basis,” says Weiss Kaya.

How can corporate cybersecurity leaders create a workplace that encourages team members to stay and grow, rather than answering a recruiter’s call and leaving for a new company? Here are 10 ways to consider: Shown below:

Related:IT security recruitment needs to adapt to skills shortage

1. Recognize the problem

If an organization is having problems with cybersecurity retention, turnover is the clearest indicator.of Average turnover rate in the cybersecurity industry According to the Cybersecurity Under Stress report by cyber threat intelligence firm ThreatConnect, that rate is approximately 20%.

Knowing that turnover is a problem is not the same as solving it. Company leaders should do some research to understand why employees leave. Research work can provide some insight here. “One of the best ways to understand whether someone is likely to leave is through survey-based work and other types of intent-based data collection,” Weiss Kaya said. Masu.

Data certainly paints the picture, but leaders need to talk to their teams to fill in the blanks. “There’s no substitute for a leader who sits down with individuals or the whole team and has a roundtable and says, ‘Hey, give me some honest feedback,'” says John Grancarich, the company’s chief strategy officer. . fortraa cybersecurity and automation software company.

2. Make retention a team sport.

An organization’s CISO naturally takes the lead in securing cybersecurity talent. But they can’t do it alone. Employee retention is driven by several different factors, driven by many different people within a company.

Related:How to start a career as a cybersecurity consultant

“Ultimately…the CISO is responsible in many ways, but…under the CISO’s office are team leaders and department leaders. So of course there is a need to keep everyone informed and engaged. Yes,” said Michael Lyborg, CISO. swim lanean AI-powered security automation company.
Human resources and other members of the senior leadership team can also play a role in creating an effective talent retention strategy.

3. Use a rotation program

Rotation programs can give cybersecurity personnel the opportunity to develop new skills within your organization.

“This really starts to develop the skills of existing staff and gives them a way to expand their roles within the organization. ‘As opposed to saying, ‘I’m going to fly to New York.’ That’s something I wanted to do, but I couldn’t find it within my organization,” explains Weiss Kaya.

4. Provide continuing education

Providing people with continuing education opportunities is a simple strategy for retaining talent. When people have opportunities to grow and learn, they are more likely to not only stay but use their skills to support the organization.

Related:Bridging the cybersecurity talent gap

“Are they there?” [enterprises] Have you looked into traditional continuing education opportunities?Do you have a clear tuition reimbursement plan? Did you actually create one? [easy] What about access to training and certifications? Are they creating pathways to conferences?” asks Vice Kaya.

5. Show a path to growth

In ISACA’s State of Cybersecurity 2023 report, 48% of respondents cited limited advancement and development opportunities as a reason why talent leaves their organization. Building and sharing a roadmap for career advancement is a long-term investment in your people and retention.

Cybersecurity professionals can be overwhelmed with day-to-day work and struggle to find advancement opportunities. Cybersecurity leaders can help you see the way forward.

“Developmental assessment can be a great tool for children to begin to recognize opportunities for next steps,” suggests Weiss-Kaya.

Once leaders and talent understand where an individual’s strengths lie, they can rely on them. We pair people with mentors who can build on those strengths. Share how developing specific skills can lead to career advancement opportunities.

“Involving employees in that long-term journey is a way to get them really excited and excited about where they’re going in their career, leading them to stay and trust that their employer will show them the way.” There’s a chance he’ll stay in the organization for a long time, Grancaric says.

Side view portrait of a modern IT developer using a computer in his home office at night, working on software, coding new applications, sitting in front of a large PC monitor.Data science specialists in action

6. Stop looking for cyber unicorns

According to Grancaric, the search for “cyber unicorns” is a major factor in the lack of job openings in the industry, leading to great pressure on those employed in the cybersecurity field.

Just because an individual doesn’t have the set of qualifications that a recruiter is looking for doesn’t necessarily mean they can’t grow into a cybersecurity role. With so many companies competing for cyber talent, it’s impossible for every candidate to be a perfect unicorn fit.

“We have to find ways to bring more people into the field and provide an entry point for them to make meaningful contributions. Because we think it can help alleviate some of that,” Grancaric said.

7. Consideration for the working environment

How does an organization’s working environment influence an employee’s decision to stay or leave? “Cyber ​​professionals tend to thrive in nontraditional environments, but the nature of the parent organization in which they work It’s not necessarily non-traditional,” says Weiss Kaya.

Can organizations make relatively simple changes to their work environments to make them more welcoming to cybersecurity talent? Do non-customer-facing employees really need to wear a suit and tie to work? Is there one?

“Removing that requirement from the environment is an effort to demonstrate that we intend to make long-term changes.” [in] How do we think about incorporating some of this workforce into our larger culture,” says Weiss Kaya.

Cybersecurity is a high-pressure industry. But Ryborg insists that leadership must not lose sight of the importance of bringing teams together. “In my opinion, the most important thing is that cybersecurity should be fun,” he says. “Many of us are remote, so we need to combine that fun by doing these labs and exercises and bringing people together. Doing events together, whether it’s virtual or physical. is also very important for maintenance.”

8. Prepare for new technology

Business leaders need to consider how AI can harm and benefit cybersecurity teams. Meanwhile, AI-powered attackers are poised to further increase the volume of their attacks. And existing cybersecurity talent will be under pressure to upskill and catch up.

On the other hand, cybersecurity professionals tend to be curious and active in using new technologies. Automation with AI can make your job easier, streamline workflows, and reduce alert fatigue.

How can companies incorporate AI into continuing education opportunities to help team members maintain and potentially reduce work pressure? AI can help balance the workload of cybersecurity teams. How might this open the door to attracting new talent?

9. Maintain a market salary

Money isn’t everything, but it’s not a good idea to pretend that money isn’t a major factor in an employee’s decision to stay or leave an organization. In the ISACA State of Cyber ​​security 2023 report, 54% of respondents reported that low financial incentives are a factor that drives cybersecurity professionals to change jobs.

“Salaries need to be looked at very regularly by organizations and re-evaluated to ensure they are actually in line with what the comparative market looks like today,” says Weiss Kaya.

10. Monitor success

Company leaders can look at turnover rates as they implement changes to address talent retention. Is it going down? Attrition rates will never reach 0%, but visible improvements indicate that cybersecurity talent is responding to retention efforts.

Quantitative metrics are important metrics, but they don’t always tell the whole story. It’s important to continue talking with your cybersecurity team members to understand their position. Perform regular check-ins. Conduct exit interviews. Ask people what is and isn’t working in their work environment. Grancaric says creating an environment of trust will encourage people to speak up.

“Our job as leaders is to [to] We need to prioritize what we hear to make meaningful progress,” he says. “It’s not the employee’s responsibility. It’s the security leader’s responsibility to take what they hear and put it into action in a systematic and sustainable way.”

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button