When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills. Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!
The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls.
Just what factors alienate cybersecurity professionals, causing them to consider other opportunities? As part of the research report from ESG and ISSA, 437 cybersecurity professionals from all over the world were asked this very question. Here are the top six responses:
- Thirty-five percent of respondents say they become dissatisfied with their jobs if cybersecurity is a secondary part of business strategy, IT initiatives, or the corporate culture. So, organizations that treat cybersecurity as a regulatory compliance checkbox or those content with “good enough” security will likely have high attrition and a disaffected cybersecurity staff.
- Thirty-three percent of respondents say they become dissatisfied with their jobs if financial compensation is less than what they perceive they could make in a similar job elsewhere. For most cybersecurity pros, money isn’t the most important factor for job satisfaction, but given the cybersecurity job market today, they won’t accept a lowball salary. This means that low paying industries (health care, manufacturing) and the public sector will continue to struggle in cybersecurity recruiting, hiring, and retention.
- Twenty-nine percent of respondents say they become dissatisfied with their jobs if their organization does not provide ample opportunities for skills development. Cybersecurity pros know that they need continuing education so they can mitigate dynamic risks and respond to ever-changing threats. Employers that eschew skills development won’t be able to retain ambitious dedicated cybersecurity staffers.
- Twenty-eight percent of respondents say they become dissatisfied with their jobs if there is an overwhelming workload placed on the cybersecurity staff. Yes, cybersecurity pros are willing to work hard, but they are also prone to burn out. Employers who don’t manage workload and expectations appropriately will find their best infosec people chasing more humane opportunities.
- Twenty-six percent of respondents say they become dissatisfied with their jobs if their organization treats cybersecurity from an IT perspective with little or no input or interaction on business process. Like #1 above, cybersecurity professionals need to understand the business and business processes to build the right controls and gain the right level of security oversight. Lacking this, they become dissatisfied.
- Twenty-six percent of respondents say they become dissatisfied with their jobs if their organization does not provide opportunities for career advancement. In other words, cybersecurity professionals want career progression, not dead end jobs.
CISOs should survey their cybersecurity staff to see how they rate in each of these areas. Those that find their organizations lagging have a stark choice: Fix these issues or watch key cybersecurity staff members move on to greener pastures.