We’ve all heard about the skills shortage in IT security—and it is a very real problem, even though companies have become more creative in how they attract talent. But there’s more to consider: Retaining the talent, once acquired, should also be a keen focus for HR departments. And it takes more than a good compensation package.
Deidre Diamond, founder and CEO, Cyber Security Network, discussed the golden ticket for cybersecurity personnel retention at the Infosecurity Management Conference in Boston this week. She shared recent survey results that paint a comprehensive picture of what contributes to employee dissatisfaction. Hint: It’s not about the money.
According to her data, gleaned from a LinkedIn survey, a concern about a lack of advancement opportunities tops the list of why employees leave their jobs, with 45% citing this. Another 41% said they left amidst concerns about leadership or senior management. Dissatisfaction with the work environment and culture, and a lack of challenging work, came in next with 36% each. And finally, compensation comes into the list at No 5, with 34% of respondents saying this is why they left.
In all, people leave their jobs every 12-18 months, according to Diamond—which is a staggering turnover, especially for an industry like information security, where there are too few people to fill a glut of positions.
Interestingly, not feeling valued was a problem for a third (32%) of respondents—suggesting that management skills could stand to be improved.
“What we have found is that all people want the same things—and you must execute on all of them at a C+ or above,” Diamond said. “The tricky thing is that a lot of these things take soft skills—but are there management courses on how to make your staff feel valued?”
Some of the “musts” seem straightforward, but are all too often not prioritized in many organizations:
1. Set measurable agreements around roles and responsibilities
“Whenever there is massive breakdown within an organization, quitting and upset, this is almost always the reason,” she said. “Telling someone that they need to do something faster, cheaper or better isn’t measurable. The parameters need to be, how many, how much, and how will I know it’s accomplished. You have to make sure you’re providing an environment where there are measurable expectations—and that’s not easy, and it’s time-consuming. But this isn’t about what’s easy, it’s about what works.”
2. Transparent and honest communication
“An (ISC)2 survey indicated 96% of women and 92% of men said communications skills are the No. 1 attribute for success in the cybersecurity workforce,” Diamond noted. “We need to take ownership of this as a community, and say soft skills are just as important as hard skills. If we want workplaces to be welcoming, fun places to be, we have to have this.”
3. A clear career path
Everyone wants a career path—but employers may not realize how to provide one that dovetails with employee hopes. When asked, “do you hope to be promoted or advance to the next level of your career in the next three years,” the majority answered yes. To boot, 85.3%, while 62% aspire to C-suite level at some point.
“Tech recruiters are going to be calling your employees—and you must address this topic so you have the communication going,” Diamond said. “You say, if you stay for three years, we’ll take your skill set from this to that, and then we’ll see where we are. It’s not about having all the answers, it’s about having the conversation.”
4. Wage equality with peers
Women who work full time earn on average 75 to 80 cents for every dollar earned by men—a pay gap of about 20% to 25%, according to Department of Labor statistics. But generally, employees may not think they’re underpaid until they find out someone else who does the same job is making more.
“Everyone talks, even if they’re not supposed to, and salaries come out,” Diamond said. “This falls under feeling valued. Women tend to start off at a lower salary, and then raises are based on what you’re currently making—and what the team is making and what the industry is paying. It’s a massive problem.”
The best practice here, she said, is simple: “You pay everyone the same for the same skill set and a little more than the industry. It does work.”
5. To work around kind, respectful people
This is another soft-skills arena, and it’s something everybody wants.
“It’s powerful to know that you turn people on and off as a manager—knowing you’re responsible for how people feel when they’re at work,” Diamond said. “I counsel companies to send everyone to training on this, regardless of if they have a manager title. Company culture is important.”
She added, “The highest form of wisdom is kindness. It makes a difference and sets the tone for the entire day. If the environment is happy and upbeat and positive, the retention statistics are dramatically different.”
Photo © Ines Bazdar