How to reduce security staff turnover? Focus on culture and people

HM Health Solutions CISO Omar Khawaja reduced security team attrition by focusing on a strong culture and providing effective communication channels to management.

Current Job Listings

The unemployment rate of cybersecurity professionals is around zero percent, while ESG reports that half of organizations have a “problematic shortage” of cybersecurity skills. Because of this it’s important for companies to keep turnover as low as possible on the security talent they have.

Omar Khawaja, CISO at HM Health Solutions (HMHS), found that instilling the kind of company culture the employees wanted and having multiple ways for them to communicate their concerns was key in reducing staff turnover in his team. “Often we start with, ‘What does a customer want, or what does the business want?’ The reality is it should all start with the employees,” he says.

“If you have the right people and culture, they'll ensure you have the right processes, and if you have the right process that they're executing well, then your customers will be happy, and if your customers are happy then your business is going to be successful.”

Losing security talent at an unsustainable rate

HMHS is the Pittsburgh, Pennsylvania-based IT subsidiary of health insurer Highmark Health. Set up in 2014, it provides IT services to healthcare providers and payers both to Highmark and its subsidiaries as well as other organizations.

Its 125-person security team is tasked with protecting data on the wider company’s 50 million customers as well as various hospitals, insurance companies and physician offices within Highmark’s network. Khawaja explains that he sees HMHS as Highmark's “burning platform” and sees the business as a startup based within the parent company.

However, despite him viewing HMHS as the most exciting part of the company to work in, the security team was suffering from a high turnover rate. “Our attrition rate was over 30 percent,” explains Khawaja, “I was trying to build a really strong team to meet the needs of the business, and it just felt like I would spend so much effort trying to attract good talent, and then one out of three people was leaving.”

“This was our burning platform that people were leaving. If we can't even retain talent, then what's the point? Nothing else matters if we can’t retain high quality talent that wants to be here and feel like they're doing the best work of their careers,” Khawaja adds. “Something had to give and change because that was just not a sustainable model.”

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.