When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46 percent of organizations report a problematic shortage of cybersecurity skills. Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46 percent of cybersecurity professionals are solicited by recruiters to consider another job at least once each week.
The data indicates that there aren’t enough cybersecurity professionals around, and those who are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls.
+ Also on Network World: The scary state of the cybersecurity profession +
Just what factors alienate cybersecurity professionals and cause them to consider other opportunities? As part of the research report from ESG an ISSA, 437 cybersecurity professionals from all over the world were asked this very question. Here are the top six responses:
1. Thirty-five percent of respondents said they become dissatisfied with their jobs if cybersecurity is a secondary part of business strategy, IT initiatives or the corporate culture. So, organizations that treat cybersecurity as a regulatory compliance checkbox or those content with “good enough” security will likely have high attrition and a disaffected cybersecurity staff.
2. Thirty-three percent said they become dissatisfied with their jobs if financial compensation is less than what they perceive they could make in a similar job elsewhere. For most cybersecurity pros, money isn’t the most important factor for job satisfaction, but given the cybersecurity job market today, they won’t accept a lowball salary. That means low-paying industries (healthcare, manufacturing) and the public sector will continue to struggle in cybersecurity recruiting, hiring and retention.
3. Twenty-nine percent said they become dissatisfied with their jobs if their organization does not provide ample opportunities for skills development. Cybersecurity pros know they need continuing education so they can mitigate dynamic risks and respond to ever-changing threats. Employers that eschew skills development won’t be able to retain ambitious dedicated cybersecurity staffers.
4. Twenty-eight percent said they become dissatisfied with their jobs if there is an overwhelming workload placed on the cybersecurity staff. Yes, cybersecurity pros are willing to work hard, but they are also prone to burn out. Employers who don’t manage workload and expectations appropriately will find their best infosec people chasing more humane opportunities.
5. Twenty-six percent said they become dissatisfied with their jobs if their organization treats cybersecurity from an IT perspective with little or no input or interaction on business process. Like #1 above, cybersecurity professionals need to understand the business and business processes to build the right controls and gain the right level of security oversight. Lacking this, they become dissatisfied.
6. Twenty-six percent said they become dissatisfied with their jobs if their organization does not provide opportunities for career advancement. In other words, cybersecurity professionals want career progression, not dead end jobs.
CISOs should survey their cybersecurity staff to see how they rate in each of these areas. Those who find their organizations lagging have a stark choice: Fix these issues or watch key cybersecurity staff members move on to greener pastures.