How companies are failing their best security pros

Copyright Anna

Do you have any security pros on your staff? If so, there’s a good chance that they’ve been offered a job with your competitors in the past seven days.

That’s an alarming finding from a recent Enterprise Security Group (ESG) research poll. Forty-six percent of cybersecurity pros surveyed said they’re solicited for a new job at least once a week.

Given the demand for cybersecurity pros, that could be bad news for companies looking to hold onto their best talent.

Even worse news: Many of these tech pros seem like they’re open to the idea of leaving.

What makes them happy

When it comes down to it, security pros want the same thing that most employees want from their employers: good pay, an opportunity to contribute meaningfully to projects and a path to success.

In other words, they want:

  • competitive or industry-leading compensation (32%)
  • an organizational culture that promotes security (24%)
  • management that’s committed to security (23%)
  • the ability to work with skilled and talented security staff (22%), and
  • to work for a company that provides financial incentives tied to improving skills (22%).

Those surveyed said the best ways to improve their skills were likely:

  • attending specific cybersecurity training courses (58%)
  • participating in professional organizations (53%), and
  • on-the-job mentoring from security pros with more experience (37%).

But for many, the reality is far from the ideal. In fact, only a third (35%) of those surveyed had said they were confident their organizations offered a well-defined career path and a plan to get to the next level.

Next steps

With the competitive job market for security pros, you may want to pull out all the stops when it comes to retaining the talent you already have in house or attracting new talent.

So what should you do to make your workplace more attractive to these in-demand staffers?

  1. Make connections. According to the survey, 27% of security pros said the relationship between security and the IT staff is fair or poor, and 27% said the relationship between the business and security pros was poor. Make sure you’re doing what you can to smooth this over by encouraging the groups to get together and discuss solutions that work for everyone.
  2. Start with the top. Buy-in is important. But 44% of security pros said CISOs aren’t at the right level of participation with the rest of the board. Make sure that the top brass knows about security risks and successes so you can get the support you need across the organization.
  3. Lay out a path. Consider offering training or certification programs for your cybersecurity pros. This is something most of them would desire, as it shows a commitment on your part to making sure their careers can advance within rather than outside of the organization.