A CISO’s Guide to Retaining InfoSec Staff


As a business leader, you likely understand the importance of protecting your organization from cyberthreats by leveraging the knowledge and skill of InfoSec professionals. Yet, building an effective cybersecurity team to keep your business safe is easier said than done. The rapid growth in the InfoSec industry has led to a major shortage in professionals sufficiently skilled to provide reliable service; if you are lucky enough to entice a qualified InfoSec professional to your team, there is a good chance that they will split for a better position after a few months — unless you take steps to make them stick.

Fortunately, it is possible to develop a work environment that compels InfoSec workers to stay put. Here are a few tactics you might use to make positions on your InfoSec team more attractive to top talent and to keep your talent in place:

Maintaining Motivation

Every member of a cybersecurity team has different motivations. Some relish the opportunity to solve problems; others enjoy the high wage opportunities of the field; others still are looking for prestige from a rapidly developing career track. CISOs and the cybersecurity leaders who report to them need to develop an understanding of those distinct motivations and find ways to spark them to drive employee engagement and performance. Getting to know employees on an individual level will provide more information about their unique motivations — and it will also drive other valuable insights, like preferred communication style, personal goals and more.

Investing in Professional Development

InfoSec is growing rapidly, and advanced opportunities abound for those with any experience in the field. Rather than looking to external hires to fill emerging positions up the cybersecurity chain of command, CISOs should invest in the professional development of their existing staff. For a CISO, cybersecurity teams are an outstanding source of talent; not only do current employees understand a company’s culture and processes better than an outside hire, but they will be less expensive and more committed to organizational success. CISOs should create professional development programs that include training, education benefits, conference attendance and more to help their teams continue to acquire the skills they need to reach their professional goals.

Offering Mentorship Opportunities

Studies have found outstanding benefits from mentorship programs, for mentors as well as mentees. Both sides of the mentorship experience gain enhanced self-confidence and self-awareness, stronger communication skills, exposure to new and valuable perspectives and more. Workers who have valuable mentorship relationships will be loath to leave them for roles in other companies that might not offer the same opportunities for personal and professional growth. CISOs can handpick promising cybersecurity leaders and workers to mentor directly, but they should also make it easier for all members of their cybersecurity team to develop mentorship relationships within the company.

Embracing Diversity

Cybersecurity has a diversity problem, with the vast majority of professionals in the space being white, male and young. Unfortunately, leaders tend to hire workers who look and act as they expect cybersecurity workers to look and act — which means they tend to prefer (consciously or not) white, male and young job applicants. CISOs who commit to curating a diverse cybersecurity team will earn respect and admiration from cybersecurity professionals who are more often overlooked in the hiring process. Even better, a diverse cybersecurity team will bring diverse perspectives, allowing for new and creative solutions to InfoSec problems.

Recognizing Good Work

After insufficient pay, a lack of appreciation is among the most common reasons cited by workers leaving their jobs during the Great Recession. Every person needs to know that their contributions are valuable; they need to have their work recognized by their peers and superiors, or else they will begin to disengage, allow their performance to decrease and eventually search for employment that provides more satisfaction and support. CISOs are responsible for creating a culture of recognition, which involves showing gratitude for the effort of every team member and encouraging small and large acts of recognition for every type of contribution.

As CISO, you must develop a strong and comprehensive cybersecurity strategy — but you also need to maintain a team of cybersecurity professionals to execute that strategy. By using the above tips, you should be able to retain your top talent and achieve cybersecurity success.


About the author


Steven Ly

Steven Ly is the Startup Program and Events Manager at TheNextHint Inc. She recruits rockstar startups for all TC events including Disrupt, meetups, Sessions, and more both domestically and internationally. Previously, she helped produce Dreamforce with Salesforce and Next '17 with Google. Prior to that, she was on the advertising teams at both Facebook and AdRoll, helping support advertisers in North America and helped grow those brands globally. Outside of work, Priya enjoys Flywheel, tacos, the 49ers, and adventuring around the globe.
