The demand for skilled information technology (IT) personnel (including cyber security professionals) is at an all-time high, particularly after the publicized breaches of global companies that have resulted in the exposure of millions of sensitive files. A recent study by BeecherMadden, a leading global recruitment firm observed a noticeable rise in vacancies in the IT security-related positions, with ultimately about half of these remaining vacant.
Traditional industries that never really considered cyber security a key business need find themselves actively recruiting security personnel amid tough competition. In addition to the government workspace struggling to recruit top cyber security talent due to salary limitations, the healthcare sector is finding it equally difficult to supply their security needs. With cyber security professionals willing to command a 9 percent pay premium over other IT workers, organizations are challenged to weigh their needs accordingly.
But landing skilled professionals can be a difficult endeavor depending on the specific needs of the organization. Cyber security professional is a broad term that encompasses many different though related disciplines. Network engineers, malware analysts, network architects, software/hardware developers, and threat intelligence are some of the fields that are included under this umbrella. More often than not, cyber security professionals specialize on a particular aspect of cyber security rather than possess deep knowledge and experience over the entire spectrum.
This may be the reason that there are so many open positions. According to one source, there were approximately 210,000 national postings for cyber security jobs in 2013. The latest estimations from a study put this figure at 1 million for 2016. According to 2015 findings Journalism Program project, more than 200,000 cyber security jobs were not filled with postings up 74 percent over the past five years. Indeed, given the current state of affairs, the current environment favors these individuals and retaining them is going to be a challenge for most organizations.
As a result, cyber security professionals find themselves in the unique position of being in the place to pick and choose from a wide selection of industries. A recent survey revealed that experienced cyber security practitioners are most likely to leave their current place of employment to pursue new opportunities for a variety of reasons. Of those responding to the survey, finding more challenging work (34 percent), earning a higher salary (23 percent), and/or being able to command more flexible working hours (17 percent) were the primary motivating factors that would influence their decisions.
This is revelatory for those organizations that are fortunate to have a successful cyber security staff in place, because they are at risk of being poached by competitors looking to hire individuals with an established track record and work history over those less experienced. Organizations need to understand that attracting talent is but one step in establishing a cyber security team; retaining it is the next and often more difficult objective at hand.
All is not lost. There are several initiatives organizations can undertake to demonstrate their commitment to providing a rewarding cyber security culture that keeps its personnel. In addition to providing a competitive salary or comparative work-life balance, some factors that can influence an individual’s decision to remain at his place of employment are:
- Determine the satisfaction level of the individual. A 2014 SANS survey of IT security professionals revealed that more than 70 percent of respondents indicated that personal job satisfaction was the reason they chose to remain at their current places of employ. Ensuring that these individuals are not only challenged, but are actively sought out to contribute to an organization’s security posture is important because it recognizes their efforts and acknowledges the expertise that they bring to the table.
- Provide career growth and enhancement. Many IT security professionals need to keep up their certifications. Organizations showing that they have an active interest in helping these individuals maintain their credentials and support their career development is a positive way of reinforcing the relationship between organization and individual. Providing opportunities for these individuals to assume more responsibilities, lead teams and ad-hoc projects, and instill trust in them.
- Seek out their ideas. While organizations may have strategic plans for how cyber security can contribute to the overall success of the company, cyber security professionals have the benefit of their experience knowing what works, what doesn’t, and what can be adjusted so that it could potentially work. Actively requesting their thoughts and opinions on future courses of action and how they can be executed efficiently and successfully will show that the company is interested in their opinions.
Like in any team environment, success is often the result of the all parts working in harmony together. The same approach can be applied to organizations that are either trying to build or maintain their cyber security staff. Employees contribute significantly to an organization’s achievements and a cyber security team is no different. Its value can be measured by the reduced number of security incidents and the speed and efficiency with which those incidents that do occur are mitigated and remediated. Like any championship-caliber team, cyber security teams need to gel and develop together. The longer they collaborate, the better they will be able to serve the organization’s needs, as well as their own.
This article is published as part of the IDG Contributor Network. Want to Join?