As an industry, we gripe about hiring and struggle with retention. My colleagues Jeff, Chase, and JB have written about how the cybersecurity staffing shortage is predominantly self-inflicted in hiring practices, while Stephanie and Claire have written about best practices for recruiting and retaining women in cybersecurity.
Recruiting and hiring is one part of the equation. You maintain your security edge by what comes next: developing and retaining good employees. When I first dug into this topic a few years ago, it was already clear that a competitive salary alone wasn’t enough. Security vendors were also doing their best to foster clear career paths, offer training opportunities, and support a flexible work environment to attract and retain cybersecurity talent.
Research In The Works, With A Preview Coming Soon
I’ve started updating research on developing and retaining cybersecurity talent and will offer some initial highlights at Forrester’s Security & Risk 2019 Forum on September 12 before publishing a full report later in the year. This research will:
- Examine current challenges with developing and retaining cybersecurity teams and highlight future skills that will be important to develop.
- Look at strategies for building business justification for investing in people and skills development.
- Provide examples of different types of training and skills development opportunities, with cost estimates where available.
- Outline measures security leaders and teams can take on every budget to provide skills development opportunities for cybersecurity staff, support the conditions that enable employees to be successful in their roles, and improve retention.
Participate In The Research!
I’d love to connect with security and risk professionals to hear about your experiences — the good, the bad, and what your employers do (or don’t do) that provides you opportunities for development and makes you want to stay with your current organization. And if you’re a CISO or security leader, what are your challenges or successes when it comes to security team development and retention?
Leave thoughts in the comments! Share what makes you happy with your role and what you feel your manager or organization is doing right. For those interested in participating in a 30-minute (anonymous) research interview, please reach out via email. I’m happy to send you a complimentary copy of the published report in exchange for your participation.