The employment landscape is shifting rapidly as a result of the skill shortfall in cybersecurity. This shift is due to a number of factors, including historically low unemployment claims, unparalleled quit rates, and swathes of baby boomers and older Gen X experts retiring, also known as The Great Resignation.
Since the advent of the work-at- home culture, there has been a demand for more skilled IT security staff than there are available. Education and training still need to catch up with demand, and there are fewer cybersecurity professionals leaving university than there are businesses that need their skills. When a person leaves, it can be a wake-up call for other staff and lead to a wave of resignations. When budgets are tight and demand is high, recruiting and retaining good staff is a challenge for busy CISOs with enough plates to juggle and fires to fight.
Attracting talent in an ultra-competitive IT labor market
It is important to pay the right rate for the job you are advertising. There are different roles that demand different salaries. A lot of people don’t like the word “competitive salary” because they don’t like to see what you are offering. If you are going to demand a testing process or multiple interviews for potential staff, they want honesty and fair pay. Benefits and bonuses are great, but in the current economy cash is king. People are looking for financial security because of rising fuel and utility bills, supply chain shortages and soaring supermarket prices. As you try to work out what the company is willing to pay, prospects don’t want you to play the usual corporate game. Regardless, what you are willing to pay will always be the issue. If you want your salary offer to be included in your advertisements, you should take a look at what other positions at similar companies are offering.
HR is a public relations exercise. People see behind the curtain into your organization through social media, and this is how they will judge you and what it is like to work for you. The first port of call for them is usually LinkedIn, followed by a search on the internet and a visit to the internet encyclopedia. Take a look at your online presence Does it accurately represent your brand and culture? Are you seen as a thought leader who can make a difference in the workplace? Is Glassdoor a place where you have a poor rating? Is there a lot of staff moaning about working conditions on social media? If the answer to the last two questions is yes, then there will be a need for some reputation management and a campaign to boost your public image through your marketing channels. Encouraging positive commentary and content sharing by your existing staff is always a help in this area, but this is a conversation you need to have with your marketing department or agency, and recruitment should be a consideration.
People value their work/life balance and quality time. What could you do to make your organization more attractive? Do you operate hybrid systems? The job description should detail the boundaries of the security coverage you need. Flexible working hours draw people to work. It’s priceless to start an hour later so you can drop off your children at school. Being able to finish early on a Friday may be the thing that seals an employment deal. The flexibility factor needs to be made clear in any advertising. If people believe your organization is respectful to their interests and individual requirements, you will be able to make a bond with them.
Be gentle with your process. During the first couple of months of their new job, new hires are at their most impressionable. If it were offered to them, they could jump to another role in a state of transition.
A research shows that 94 percent of executives and 88 percent of employees think a positive workplace way of life is important to a business’s success. People want to have fun at work, but they don’t like being forced to have fun. It doesn’t mean that you have to be serious all the time when tackling serious challenges. There is a big difference between making everyone wear fancy dress for Comic Relief and leaving Nerf guns in the canteen. The speaker holding a rubber chicken talking stick in a scrum meeting can do wonders towards fostering a more friendly and pro-active workplace culture. I used to work for a company that had an excellent after-hours gaming group. If employees are friends with the people they work with instead of just being colleagues, they will communicate more effectively, be more dedicated to their teammates, and work better together.
Older and more experienced staff are hated by everyone. According to The Micromanagement Survival Guide, the majority of managers were unaware that their employees left their job due to their close observation and tightly controlling management style, so you probably don’t know if you are. Micromanagers usually have the best intentions, but their behavior can affect performance. When managers don’t trust individuals to do their jobs and focus on the wrong priorities, productivity is slowed down. Managers moving into established companies can be guilty of this often. Send fewer emails to make sure employees are progressing. Independent decision-making is encouraged. Don’t stay away from the delegation. People have expertise. If you want to ditch the requests for unnecessary and overly detailed reports, automate them. Don’t sweat the smallest details. An honest and thoughtful self-assessment of your own behavior will tell you if you’re being too controlling and need to step back to improve staff retention.
Giving responsibility and investing in your team shows trust and ownership. Tasking people with leading red team exercises, awareness training, or phish testing is a great way to show you value them and encourage growth that can be rewarded come appraisal time. No one likes taking on extra tasks, even if it’s well-intentioned.
Eliminating obstacles to success is a must. They know you are on their side if they have the right tools and path of least resistance towards success. If your team is wading upstream through alerts and fighting against the app development team to police best security practices, that will lead to them looking for opportunities outside of your area. Training to use the right tools and investing in the right tools is necessary for the success of your team. Having clear and actionable insights and easy reporting can relieve some of the pressure on busy teams. People feel valued when they feel invested in. Consider putting some money into cybersecurity automation, which will relieve some of your overall capacity/recruitment problems, and will also lower your chances of error compared to a manual approach.
There is no evidence that perks and bonuses are effective for long-term retention, even though people like them. They aren’t more attractive than the actual reason an employee might have to look for another job. These are one-time payments so they don’t foster loyalty. Progress and advancement can be seen in regular salary increases. A yearly salary review allows for discussion around career advancement and set goals and targets, and the simple act of rewarding a college with a senior title to reflect their expertise can go a long way to giving them justified acknowledgment. A change in job title is not a good reward for an increase in workload or liability.
The little things mean a lot
The small things are more important to some people than we think. When buying a car, we may look for things like aircon, parking sensors, or a certain color, instead of fuel economy or brand. In the context of the workplace, details like this can make a big difference in staff retention. Tell your team how you can make their lives better. It might be as simple as a brand of coffee for some people. They may need a new office chair. If you look after your team on a personal level, they will feel valued and look after the business.
This undermines excellence, so don’t praise it. People don’t like when everyone is treated the same. Some produce more, and some less. If you treat everyone the same, you can lead to job dissatisfaction and make your best players feel under appreciated.
It’s detrimental to keep hold of staff if you don’t acknowledge first-class performance. It’s important to highlight positive behavior and give feedback to employees. Outside of a formal review, they can say “Thank you”, “Well done”, and ” Much appreciated”. It builds trust and clarity. Employees feel pride and ownership when they are thanked and rewarded for their labor.
Employees dislike unnecessary rules. When drafting their mandatory employee guidelines, organizations sometimes go too far. IT security is notoriously the domain of intelligent free-thinkers and restrictions on dress code, the use of mobile phones or the internet can be stumbling blocks to staff retention. People are allowed to be people. The streets are two-way.
Prevention is better than cure
It is just unavoidable that staff will choose to move on. They could have other priorities. They might want to work in a start-up or work for themselves. They might want to work with people who have moved on. They usually make a decision by the time they come to hand in their notice. It may be too little, too late to offer more money. There is nothing we can do about the grass on the other side, but we can prevent our employees from looking over the fence into pastures new by taking care of it.
The post How CISOs can find and retain security staff during the Great Resignation appeared first.
This is a security Bloggers Network syndicated post. The original post can be found at: