As you’re likely aware, we’re amidst a cybersecurity skills shortage. Industry experts have long been sounding the alarm bells, but organizations across the globe are still struggling to attract the right security professionals. In short, there simply aren’t enough educated pros to go around – and the issue seems to be getting worse, according to data shared by Threatpost.
But, even if you’re fortunate enough to land a high-quality hire, it’s not always easy to retain them (especially when there are seemingly endless opportunities for a security hotshot). So, what can you do (or stop doing) to retain top security talent?
Here are a few pieces of advice:
Stop Making Them Your Digital Janitors
Imagine your employees ignored sanitation rules in the workspace — they upended their wastebasket into the aisles, tossed the remnants of their lunch on the ground, and stuck chewed gum to the walls. Not only would this make for a disgusting environment (not to mention a nightmare scenario amid a pandemic), but you probably couldn’t keep a janitor employed to save your life.
In some organizations, security pros are not unlike the janitors in this example. They’re forced to clean up employees’ messes all day long. Worse, they’re also expected to chase down the employees causing the problems and plead with them to change their bad habits. As you might imagine, this isn’t exactly ideal for team morale and job satisfaction.
Instead, you need to shift the responsibility onto the workforce and hold each employee accountable for their security habits. Not only is this much more effective, but it also alleviates the burden on overworked security teams. Instead of chasing down and educating employees each time they do something wrong, employees will be required to clean up their own messes.
Ensure Commitment to Cybersecurity from the Top Down
Another challenge preventing companies from being able to retain top security talent is a lack of buy-in from department heads to build a culture of security. That is, an environment in which your workforce understands that cybersecurity is essential and does their part to protect the company and mitigate potential risks.
Building a culture of security takes time and dedication. But while change within an organization is never easy, it’s downright impossible if your senior decision-makers aren’t onboard. And if your c-suite isn’t setting a good example when it comes to cybersecurity, you can kiss any hope of attracting and retaining top talent goodbye.
In fact, according to a 2020 survey by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), “Business management’s commitment to strong cybersecurity” ranked third among the most significant factors determining job satisfaction. (Second only to career advancement incentives and financial compensation.)
Furthermore, as we become increasingly reliant on technology to manage all business operations, it’s no longer feasible for security professionals to keep up with the demands placed upon them. The reliance on tech, coupled with the increase in cybercrime and the growing tech skills gap, creates a perfect storm. And if you want your organization to survive, you need to make security integral to everything you do.
To best support your security team, make sure every department factors cybersecurity into every process and decision — and start with senior leaders.
Give Them the Tools They Need to Succeed
Even if you can hire and retain top security talent, you still need to ensure you’re doing everything you can to ensure their success. Often, that means investing in the tools and tech they need to work efficiently and effectively at identifying and neutralizing cybersecurity threats and helping promote better security behavior across your organization.
One way to accomplish this is by adopting actionable threat intelligence. This way, you can identify where threats originate and, instead of chasing down employees and cleaning up the messes they create, your security pros can focus on promoting training and awareness. Employees can use their mistakes as learning opportunities, advancing their knowledge and skills to support the security team’s efforts.
With solutions like HackNotice Teams, you’ll also have access to an analytics dashboard where you can see which employees are adopting good habits and which employees fall short at both a departmental and individual level. Then, department heads can coach their teams on security habits (as with any other performance-based issue), freeing up security pros to focus on other efforts.
The cybersecurity skills shortage isn’t projected to end anytime soon — though several organizations are working to develop and train people interested in this career path. In the meantime, it’s crucial you do everything you can to make your security pros’ lives easier. By democratizing security across the workplace, fostering a culture of security, and investing in the right tools, you’ll be more likely to retain top security talent for the long-haul.