We find people ultimately leave their jobs most often because of two reasons: the culture and the leadership. Generally, cyber professionals have passion for their work and enjoy what they do, and despite cyber being a technical field, it’s still a people-centric profession.
When hiring in highly specialized fields where the labor pool is tight, companies must put in effort to counter exfiltration. Check in with people to see if they are unhappy and how the company can address their pain points. Remember, people don’t change jobs, they change leadership and companies. Here are some of the most common factors we hear that cause cybersecurity professionals to leave their roles.
We’ve all seen how companies respond to a security breach or adverse industry event. The company takes a new found focus, announces investment in cybersecurity and additional people to show the issue is being taken seriously. The staffing efforts inside the building may tell a different tale. Funding for new cyber positions doesn’t always translate to new team members. Without a budget for HR support or for professional services of an external recruiting team, those positions go unfilled and the cybersecurity team experiences burnout.
No one wants their work to be seen as low priority or less important. Cybersecurity leaders must be willing to go to bat for their teams to get the resources they need or valuable people may be headed for the door.
While respect from company leadership helps improve work culture, having the respect of peers and direct managers is just as important. Managers must be diligent when it comes to ensuring mutual respect among employees and that all voices are heard. Unfortunately, the cybersecurity community, and the tech industry in general, still has hostility toward talent that is not white and male, as a few high-profile employment lawsuits have revealed. Even at companies that say they are making efforts to increase cybersecurity diversity, the diversity of the team doesn’t always line up with stated goals. Hiring a diverse cybersecurity team and addressing issues of workplace hostility quickly will make employees from other backgrounds feel valued and motivated.
This is something we see all the time. Working long hours, staying current with trends, constantly being asked to do more with less, and a poorly defined role can leave staff feeling overwhelmed and burned out. When 68% of cyber professionals say their job can be taxing on balance between personal life and work life, considering this lack of work-life balance for cybersecurity professionals - it’s no wonder nearly three-quarters of cyber pros are open to a job change. This has contributed to 61% of cybersecurity professionals believing that ‘regular’ employee turnover in the next 12 months will also cause security issues.
What attracts people to cybersecurity is also what gives them the desire to keep moving forward in their careers, such as a wanting to solve problems and challenge themselves. The 2023 ISC2 Report found that limited promotion and development opportunities remained largely unchanged, becoming a large contributing factor for cybersecurity professionals feeling dissatisfied with their current job. Conducting regular performance reviews, setting a defined cybersecurity career path, and providing relevant training will show people the company is invested in their success and wants to assist in professional development.. In turn, people will feel more invested in the company if they believe it will help advance their careers.
In order to develop and retain these vastly different profiles of cybersecurity professionals, organizations need a custom solution. CyberSN's Cybersecurity Workforce Risk Management Service steps in to fill this gap, enhancing operations with workforce insight, organizational risk mitigation, and workforce development and retention planning. Empowering security leaders with a 360-degree view of their entire cybersecurity workforce across full-time employees, contractors, consultants, and Managed Security Service Providers.
For support in cyber workforce risk management, get in touch.
