Forrester has released new research that describes how finding security talent is essential to a security team’s success and minimizing risk to an organization. While today’s cybersecurity’s self-inflicted staffing shortage is reversible by casting a wider net and changing hiring processes, it’s not enough. Once rare talent is found, time must be invested by organizations to lead and retain them. Falling back on lazy retention practices will result in, among other things, a toxic team culture that introduces risk to the organization.

Forrester has found that:

  • Investment in leadership and retention mitigates the risk of losing security talent. This can be done on any budget.
  • While technical training for cybersecurity teams is important, areas like privacy and communications in training and development will be critical going forward in a world of automation and artificial intelligence.
  • Security leaders must prioritize building positive team culture and environment.

Forrester adds that toxic culture abounds given the pressure and stress security pros face. To keep security pros motivated and creative, CISOs must take the responsibility of driving and maintaining good security team culture, including removing the causes of a toxic work environment and recognizing it takes investment in leadership to turn things around.

If interested in receiving this research, or connecting further with a Forrester analyst, please email