InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
For the last few years, organizations off all sizes have struggled to retain top security talent. In addition to the headcount required to keep pace with an ever-expanding threat landscape, security leaders also face a post-pandemic labor market wrought
with volatility and unpredictability they have not seen or experienced before. As an example, swarths of young professionals are willing to quit their jobs and not work for a period of time with a belief that the talent market is so hot and supply
is so scarce that they can re-enter the job market at-will.
In fact, the Department of Labor reported that in 2021, over 4.5 million workers left their jobs, which is 1 million more than the year prior. But unlike many previous seasons of turnover, employees are not just seeking higher pay; they cited remote workability,
feeling valued and company culture as motivators to find new opportunities.
This piece provides recommendations for security leaders to help keep staff engaged and on the payroll with on-going best practices.
The profile of employees seeking new job opportunities has shifted. Where the majority of turnover was previously seen in the junior workforce, “the Great Resignation” as it has been coined, is due to the attrition of midcareer professionals
between the ages of 30 and 45. Turnover is highest across the medical and technology industries—both significantly impacted by the pandemic. One could argue these two groups acquired increased workloads and higher stresses than other functions
and industries, and the resulting stress and burnout, ultimately, fueled record-high resignations. Below are some tips to combat increased security staff turnover with guidance on how to retain top cybersecurity talent.
When employees leave, the work does not, which exponentially increases the importance of retained employees and their experience. Not only should employers engage the teams seeing high turnover, but they should be proactive and engage all teams across
Assess the communication loop and determine how often employees are asked to provide feedback on their experience. Most companies distribute annual surveys enterprise-wide, but as the talent market is shifting, increased engagement with employees is critical
now more than ever. Key engagement options include:
For example, security teams often feel isolated from the business. They are seen as disruptors to the normal workflow and are not asked to engage in the business activities and initiatives they support. Many times, security leaders aren’t aware
of the consistent pushback tactical security personnel face and don’t account for these challenges in their strategic priorities.
Budget is also a huge issue that often gets uncovered, especially for security teams. Many teams are understaffed or overworked because they don’t have the appropriate tools and tech to support the priorities. This is a HUGE downer on staff experience.
As you identify trends, hold executive leadership accountable to deploying solutions that are feasible, reasonable and relevant to employee concerns and challenges.
READ: Guidance for CISOs Presenting to the C-Suite
Company culture is how companies get things done, and it’s an important part of customer and employee experiences. Ideally, culture is reflected in and connected to the company’s mission and vision, and it’s a valued part of how people
work, behaviors are rewarded and decisions are made. A significant influencer of culture is the tone at the top. Assess how committed your leadership team is to living your company’s values.
At Amazon, leaders are encouraged to use the company’s core principles as part of all decision-making activities—both operational and people-related. Many other organizations have values that are known in theory, but not executed in practice.
Now more than ever, employees are seeking to connect with organizations that have values and principles that mirror their own. Tone is set at the top, and leaders should use culture as a “North Star” that all employees, teams and leaders should
be aiming for to drive consistency and morale, as well as create community.
DOWNLOAD: Building a More Diverse InfoSec Team
Hiring and retaining great security talent is possible. Here are a few strategies successful leaders have used to proactively reduce attrition:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 8, 2022
By IANS Faculty
Find best practices for ensuring the security of your organization’s OT environment using this checklist based on the Purdue Reference Model for industrial control network segmentation.
December 6, 2022
By IANS Research
Improve your attack surface management plan using 9 steps to mitigate risk and strengthen enterprise security posture.
December 1, 2022
Improve your vendor management program using six focus areas to benchmark program maturity and identify key pitfalls to avoid.