The Cybersecurity Human Resources War
James M. Myers B.S., MS, CCISO, CISSP, ITIL
Does your company, organization or enterprise have a difficult time keeping security leaders and practitioners? Does your security team have a reputation as a revolving door of talent? If so, then your business security paradigm must change to meet the prolific demand of talented security professionals. Gone are the days where the new employee expects and/or believes he/she will be working 10, 20, or 30 years for the same company. The new employee does not expect to work for the same company no more than two to three years. Employees are the most valuable asset to the business, and they are the most expensive. The demand for security professionals is extremely high!
Market demand for security professionals is the highest in history. There are approximately 1.2M non-filled cybersecurity positions across the world, with approximately 220,000 of them inside the United States. From a basic LinkedIn search, there are 8,106 open CISO jobs in the United States. These current numbers are growing on a monthly basis with consistent annual increases. The demand for skilled security leaders and practitioners is here to stay for at least the next 5 years.
Unfortunately for senior management, there are large proportions of dismayed/disgruntled employees. Consider the following content taken from a Bloomberg news article dated April 15, 2015:
“Half of all U.S. employees have at some point in their career quit their jobs to get away from their boss, according to a new Gallup study of 7,272 adults. If workers loathe their higher-ups, the feeling may be mutual. Gallup also found that managers weren’t thrilled with their work situation, either. Just 35 percent of U.S. managers said they felt engaged on the job. Fifty-one percent said they weren’t engaged, and 14 percent confessed that they actively tune out at work.” For the more senior employees earning annual salaries of $125,000 or above, the numbers listed above are less.
Couple the shortage of skilled cybersecurity workers with a large percentage of dismayed/ disgruntled employees, the business of effectively securing your business is under duress. What does a CISO have to do to keep his/her valued security practitioners?
Today’s new security employees are looking for security leaders who can instill dynamic and creative change to grow the business. They want the opportunity to cross pollinate their skill sets across the enterprise. They want to be treated with respect and dignity. They want a defined and achievable career path to growth within the company. And they want to be paid according to market demands.
Keeping skilled cybersecurity practitioners requires strong leadership at the CISO position. The new CISO leader must have strong business acumen, know how to collaborate with people vertically and horizontally within the enterprise, and be an outstanding critical thinking technologist. The requirements of today’s CISO are as critical as any other C-Suite professional. For the business to realize an effective security posture through proactive employee engagement, it’s time to present an open seat at the corporate table for the new CISO leader.