The most important thing that we do as cyber security
leaders is recruit high quality talent. The second most important thing that we do is
work to retain that talent.
How does a leader retain talent in an often crazy market with a
shortage of cyber security professionals?
To me, there are
three fundamentals to success. Each is so fundamental that, in my mind, they can’t be
prioritized into an order.
Compensate people fairly. It doesn’t have to be top of market, but it can’t
be bottom of market either. Compensation can also come through things that are meaningful to employees - company ownership, benefits, flexible hours, remote opportunities, etc. "Fairly" also means that people understand the
criteria for more pay (either annual increases or promotions) that they’ll be evaluated
against, and that those criteria will be applied equally across similar cyber security disciplines.
Perhaps when focused on building maturity, “consistent independent delivery of meaningful,
well thought out scoped work relative to their level without security friction” is high
on my list. The closer that employee results are to that standard, relative to their level and peers, the larger the
spoonful I work to give them. The team has to know the standard and you have to
stick with the standard that you’ve communicated. Your best people, the linchpins to your
program’s success, shouldn’t have to be constantly begging for raises if they
are consistently performing at your standard.
Details matter: Never underestimate the ability of the team
to know if you have a vision. Also, don't underestimate their ability to see through your real motivations. Do you have a clear plan and priorities that make sense to the team? Can the team see where
they are against the execution of that plan? Are you transparently contributing
to your team’s success? Playing favorites? Are you working to make them more successful? Making or supporting decisions that reduce
or increase their distracting work? When you have a chance to push back against an issue
that impacts the team negatively, do you push back with some level of risk to
you? Does the team feel like you have your own skin in their game? The key here
is that it is easier to retain top talent when they feel that you are directly involved
in helping them be more successful.
Train the team: Cyber security is a field in which the level
of training that practitioners have matters, especially to the employees on your team. That means, "every team." Of course, the issue is
that cyber security isn’t cheap. First, there are a lot of local and regional training
opportunities and conferences that aren’t expensive. Make time for team members
to attend those whenever possible. You can also bring instructors to your
facility to train your team and even partner teams in key cyber security
topics. This way, you’ll only pay for travel for the instructor. We did this to
bring a baseline cyber security certification training course to our facility with
great success. For the more expensive
training, again, stay consistent with your criteria within your available budget.
Great talent can be retained. I also truly believe that
people want to stay in an organization in which they feel challenged, appreciated,
and trained while at the same time, expectations around pay and training are consistently
communicated and followed by a leader that has their interests and career
growth in mind.
The levers to keep your talent are yours to pull as a cyber
security leader.
Make a difference for your team today.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on Twitter or LinkedIn and I'll read
it.