Tuesday, November 1, 2016

On recruiting and retaining talented Cyber Security professionals

I recently read the Center for Strategic and International Studies (CSIS) report on Recruiting and Retaining Cyber security Ninjas and have to agree that in this industry, where cyber security professionals are in high demand, we need to find creative ways of not just recruiting but definitely retaining. It also definitely confirmed my view that money is not all when it comes to retaining talented personnel. Things such as having a challenging workplace and definitely training to keep our skillset relevant are absolutely more important.

What I did find surprising was that talented cyber security professionals don't want to have to assume management responsibilities to advance in their careers. This is understandable, as even I was not sure if I wanted to go the management route when it was proposed. However, I've embraced it and have no regrets. This is something, though, that organizations will have to continue looking at. Maybe there will be a need to create more technical paths that run parallel to the management path.

Most importantly, and as the report stated, most of us prefer to have a flexible work environment. I believe this becomes even more relevant when a family has to be considered. That flexibility, be it the ability to work from home or work alternate hours, etc., is way more important than money.

The biggest takeaway, though, is that, as stated, "... even in organizations that pay and treat their employees well, there can be a great deal of disappointment and early turnover." This is further emphasized by "No matter how good a job may be, there are many other employers willing to pay more and promise greater responsibility ...". This definitely should come as no surprise, as talented cyber security professionals are truly in great demand. I'm a witness to that on both sides of the fence: on one side, being recruited, and on the other, watching my team members being recruited.


  1. I'll happily submit to a management position since they pay $300K/year with a 15% bonus and annual-equity of $200k/year in the Bay Area. Meanwhile, Palantir (and other Bay Area startups) pay infosec experts way-less than $120K/year with zero bonus and zero equity -- http://fusion.net/story/365009/if-palantir-really-cared-about-diversity-it-wouldnt-pay-its-employees-like-this/

    CISO (and Big-four accounting firm Managing Director) positions in the Bay Area and in NYC pay over $500K/year base. I didn't read into the CSIS report and see where it said that infosec positions don't want to move up. The Mercer Intelligence report (even more-recent than CSIS) demonstrated that many professionals are looking to move up but that orgs are not providing the opportunities fast enough -- http://www.brinknews.com/fighting-for-cyber-talent-in-a-competitive-market/

    This has also been my experience.

    1. Dre,
      Thanks for the link to the Mercer Report. It's definitely a good read and adds more context to the conversation.