Last Friday, after a long week of RSA conference events and meetings, I eagerly looked forward to slipping on my headphones and enjoying the relative silence of my flight back to Dallas. As I approached my seat, I saw I was sitting next to a United States Air Force (USAF) officer. I looked at his rank and saw two stars on his uniform, making him a major general. I had a sudden sense of nostalgia and I instinctively wanted to salute him. I resisted the urge, introduced myself, and thanked him for his service.\tOver the next two hours I had the most unexpected and fascinating conversation of my RSA week. It turned out that my fellow traveler is the commanding officer of the\u00a0Air Force Research Laboratory\u00a0(AFRL). According to the website, the\u00a0AFRL\u00a0is \u201cthe Air Force\u2019s only organization wholly dedicated to leading the discovery, development, and integration of war fighting technologies for our air,\u00a0space, and cyberspace\u00a0forces.\u201d We discussed a variety of open source topics, including electromagnetic pulse weapons, cyberweapons,\u00a0Stuxnet, unmanned aerial vehicles,\u00a0USAF\u00a0renewable energy initiatives, as well as national policy.\tWe also discussed some of the challenges he faces, including the retention of research and development staff. Without R&D, the\u00a0AFRL\u2019s\u00a0mission fails. TheUSAF\u00a0cannot compete with the salaries of private-sector researchers and must seek alternative ways to retain and motivate the talent. First, heavy emphasis is placed on\u00a0recognizing and awarding\u00a0staff for research excellence. This creates a sense of pride and accomplishment. Second, the very nature of the\u00a0AFRLmission motivates researchers. These scientists have the ability to directly affect\u00a0USAF\u00a0operations and, in many cases, save lives. What a powerful motivator!\tThere are parallels for security and risk professionals. The retention and motivation of staff is critical for organizations. I am currently conducting research interviews for a report on the security architect role; a recurring theme is that bringing security architects into organizations is a challenge. There is a shortage of candidates with both the business acumen and technical skills necessary to be successful. To recruit and retain these individuals, you must think beyond salaries. Financial compensation is a key component, of course, but what else does your organization have to offer? Can you follow the AFRL model? How will you enable employees to thrive and accomplish their goals? Stay tuned \u2014 I will discuss this in much greater detail when my\u00a0next report\u00a0on security architects is released in April.