Security Staff Acquisition & Development, Security Strategy, Plan, Budget

Note to employers: in today’s world, high pay alone doesn’t mean they’ll retain a cyber employee  

Today’s columnist, Thomas Pore of LiveAction, writes that Deep Packet Dynamics can help reduce long dwell times like the industry saw in the SolarWinds case where attackers were in the network for more than a year. (“SolarWinds letters” by sfoskett is licensed under CC BY-NC-SA 2.0)

For the most part, cybersecurity pros are sitting out the Great Resignation movement that continues to compel so many people to leave their jobs for myriad reasons, including low pay, a lack of opportunities for advancement, and feeling disrespected at work.

The significant majority of cybersecurity pros report high job satisfaction rates. Yet their organizations still struggle to prevent them from leaving for other opportunities and to fill vacant positions. Reversing those trends requires business leaders to realize that their employees and job candidates are looking for more than higher salaries and wages. They need to create a culture where security teams are  considered important to the company’s growth and success, not a necessary cost center.

Of course, everyone wants more compensation. Salaries were rising before the coronavirus pandemic struck in early 2020, and that trend has accelerated. Good pay has been one main reason why the role of information security analyst jumped 14 spots from last year to the top of  U.S. News 100 Best Jobs Rankings for 2022.

While the years-long gap between the numbers of job openings and qualified candidates remains large, it has been slowly closing. (ISC)² reports a decline from 3.12 million to 2.72 million unfilled job openings in 2021 compared to 2020. Yet, (ISC)² CEO Clar Rosso also warns that the industry must be realistic: traditional hiring practices are insufficient, she says.

The (ISC)² report focuses on hiring, but I believe that Rosso’s recommendation to modernize hiring practices also applies to rethinking the traditional cybersecurity professional’s job description -- one where higher salaries are expected to offset the high stress levels and feelings of marginalization that so many job seekers we work with express as the reasons why they’re looking for new opportunities.

They’re burned out from long days spent constantly responding to threats and the perception that their managers don’t value their contributions to the business. They’re frustrated that despite the pressure they’re under, their organizations view security’s value as limited to merely checking a box for compliance purposes

“Cybersecurity, once strictly a function of the information technology department, is turning into a business concept with societal implications,” says Gartner analyst Sam Olyaei. “Investor interest, public pressure, employee demands, and governmental regulations are strengthening the incentives for organizations to track and report cybersecurity goals and metrics as a business requirement. As a result, the role of the cybersecurity leader has become increasingly elastic because of the growing misalignment of expectations from stakeholders within their organizations. This is causing burnout among security leaders, who are overworked from practicing in ‘always-on’ mode.”

The key takeaway: there’s a direct correlation between a person’s job satisfaction and their beliefs that their companies acknowledge their day-to-day work is a value-add to the business, not a cost center.

Our data also reveals that employees experience higher job satisfaction and lower turnover rates when management embraces remote work. It’s impossible to overstate what a sea change this represents for cybersecurity professionals.

Before the pandemic struck in early 2020 and forced people to work from home, the significant majority of the jobs posted to our platform were split 60-40 in favor of in-person work vs. remote. But over the last two years, the number of jobs requiring employees to work in an office full-time has dropped to below 5% of all openings. Our fill ratio on recruited roles that are remote jobs is around 50%. That number decreases to about 20% if they are required to be in an office full time.

Yes, employees and job seekers value higher salaries, but they need to do their homework. Organizations should leverage data on what other companies in and around their industries and geographic areas are offering to candidates to determine pay rates that are attractive enough to retain or attract talent in today's market.

Business leaders almost must realize that just by offering higher pay doesn’t mean they will retain an employee. Companies should be open to requests to work remotely, implement robust employee health and wellness initiatives, and train team leaders on not only how to identify risk factors for employee burnout, but also how to help them cope.

Put simply, effective leaders listen to what their employees are telling them. There’s a direct correlation between satisfaction and feeling valued and heard by an employer. Once employees begin to feel as though they are simply a commodity, they will start to look for other opportunities.

Drew Fearson, chief executive officer, NinjaJobs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.