FeaturedImage-Best Practices for Retaining Cybersecurity Human Capital

Best Practices for Retaining Cybersecurity Talent

Cybersecurity talent is hard to come by so when organizations find the right candidate they must strive to retain their top employees.

Talent retention in the cybersecurity industry is such a vexing problem that even institutions as prestigious as the National Security Agency struggle to keep their elite operatives employed. The talent deficit for cybersecurity expertise creates a market climate where personnel are able to command upward salary pressure that prices organizations out of contention for human capital. If an information security specialist has the opportunity to double their salary elsewhere what can you as business do to enhance your value proposition?

Retaining Your Top Cybersecurity TalentAccording to the Acumin Blog, a British IT content publisher, the primary reason cybersecurity officials resign from their posts or begin to consider departing is salary-related. While enterprises need to exercise caution in not offering unsustainable compensation packages, pay increases are a must to retain vital personnel. But, the retention issue is not purely financial.

Flexibility is another premiere demand amongst cybersecurity professionals. These individuals realize they are special, scarce and the proverbial “unicorns” of the IT ecosystem. Hiring managers need to carefully evaluate onboarding benefits like, like split shifts, customizable hours and telecommuting to satisfy the lifestyle preferences of these InfoSec elites. That’s not to say cybersecurity professionals deserve Hollywood star treatment, but enterprises need to be accommodating. Businesses might benefit from approaching cybersecurity talent the same way Division 1 athletic programs engage blue chip recruits.

And like any other competitive industry, enterprises need to offer cybersecurity staff abundant career development opportunities. According to “Cybersecurity Professional Trends,” a survey conducted by the Sans Institute, a cybersecurity research organization, nearly 30% of respondents listed advancement as the main reason they would consider pursuing a new job. Advancement slightly edged compensation in this survey. And with the Sans Institute reporting that 25.4% of cybersecurity professionals they surveyed seeking management positions in 2014, and 33.1% pursuing this advancement in the next five years, career development is one category that enterprises cannot afford to neglect.

Businesses can’t be completely faulted for this career development deficiency as information security currently suffers from a lack of standardized industry certifications and skills across the board. Also, career development and promotions are often accompanied by salary increases, so there is significant overlap between these two areas. Nevertheless, organizations need to be proactive in learning about cybersecurity education opportunities and finding ways to integrate these resources into their business models. Without a standardized paradigm for continued education and expertise, organizational leadership paradigms become unclear and unstable.

And just like financial services firms cover the costs of securities examinations and license-specific training classes for their personnel, enterprises should also subsidize advanced IT education for their valued employees.

Additionally, the Sans survey found that 50% of respondents chose to remain in their current roles because they derived personal fulfillment from the job. In a financially deterministic world, this finding may surprise some, but it speaks to the bigger theme of empathy. Cybersecurity specialists are a rare species and their scarcity breeds some unique and recurrent personality patterns. Therefore, enterprises should invest a little extra on personality and behavioral screening to determine the temperaments of their candidates. By working to better understand their personnel and tailoring the work environment to suit their preferences, enterprises help make their InfoSec staff feel valued and fulfilled.

In the end, organizations, which better understand the personality nuances of their cybersecurity human capital will know how to optimize their workplaces for maximal retention. If enterprises offer their valued personnel a culture where they feel appreciated, fulfilled and intellectually empowered, continuity is secured.

Learn about the 5 recent cybersecurity hiring trends for 2016 by clicking here!