As a business leader, you likely understand the importance of protecting your organization from cyberthreats by leveraging the knowledge and skill of InfoSec professionals. Yet, building an effective cybersecurity team to keep your business safe is easier said than done. The rapid growth in the InfoSec industry has led to a major shortage in professionals sufficiently skilled to provide reliable service; if you are lucky enough to entice a qualified InfoSec professional to your team, there is a good chance that they will split for a better position after a few months — unless you take steps to make them stick.
Fortunately, it is possible to develop a work environment that compels InfoSec workers to stay put. Here a few tactics you might use to make positions on your InfoSec team more attractive to top talent and to keep your talent in place:
Every member of a cybersecurity team has different motivations. Some relish the opportunity to solve problems; others enjoy the high wage opportunities of the field; others still are looking for prestige from a rapidly developing career track. CISOs and the cybersecurity leaders who report to them need to develop an understanding of those distinct motivations and find ways to spark them to drive employee engagement and performance. Getting to know employees on an individual level will provide more information about their unique motivations — and it will also drive other valuable insights, like preferred communication style, personal goals and more.
Investing in Professional Development
InfoSec is growing rapidly, and advanced opportunities abound for those with any experience in the field. Rather than looking to external hires to fill emerging positions up the cybersecurity chain of command, CISOs should invest in the professional development of their existing staff. For a CISO, cybersecurity teams are an outstanding source of talent; not only do current employees understand a company’s culture and processes better than an outside hire, but they will be less expensive and more committed to organizational success. CISOs should create professional development programs, to include trainings, education benefits, conference attendance and more, to help their teams continue to acquire the skills they need to reach their professional goals.
Offering Mentorship Opportunities
Studies have found outstanding benefits from mentorship programs, for mentors as well as mentees. Both sides of the mentorship experience gain enhanced self-confidence and self-awareness, stronger communication skills, exposure to new and valuable perspectives and more. Workers who have valuable mentorship relationships will be loath to leave them for roles in other companies that might not offer the same opportunities for personal and professional growth. CISOs can handpick promising cybersecurity leaders and workers to mentor directly, but they should also make it easier for all members of their cybersecurity team to develop mentorship relationships within the company.
Cybersecurity has a diversity problem, with the vast majority of professionals in the space being white, male and young. Unfortunately, leaders tend to hire workers who look and act as they expect cybersecurity workers to look and act — which means they tend to prefer (consciously or not) white, male and young job applicants. CISOs who commit to curating a diverse cybersecurity team will earn respect and admiration from cybersecurity professionals who are more often overlooked in the hiring process. Even better, a diverse cybersecurity team will bring diverse perspectives, allowing for new and creative solutions to InfoSec problems.
Recognizing Good Work
After insufficient pay, a lack of appreciation is among the most common reasons cited by workers leaving their jobs during the Great Recession. Every person needs to know that their contributions are valuable; they need to have their work recognized by their peers and superiors, or else they will begin to disengage, allow their performance to decrease and eventually search for employment that provides more satisfaction and support. CISOs are responsible for creating a culture of recognition, which involves showing gratitude for the effort of every team member and encouraging small and large acts of recognition for every type of contribution.
As CISO, you must develop a strong and comprehensive cybersecurity strategy — but you also need to maintain a team of cybersecurity professionals to execute that strategy. By using the above tips, you should be able to retain your top talent and achieve cybersecurity success.