One of the primary responsibilities for CISOs is designing the right security org structure that adequately meets the needs of the business. Chief among the decisions surrounding org design is finding - and perhaps, more importantly, retaining - top talent to lead the various functional areas across the team.
Retention Across InfoSec Is an Ongoing Concern
In our most recent annual CISO Compensation and Budget Survey, 1 in 4 respondents indicated vacancies among their functional leadership positions.
Cyber talent shortages remain unabated, driving up competition among employers. As a result, security leaders are at risk of losing functional leaders to higher-paying positions with more flexible working conditions. To help mitigate this, CISOs should consider focusing on the top end of the compensation scale. However, compensation is just one of the major drivers of job satisfaction that support retention strategies.
Career Development Drives Job Satisfaction
Our research uncovered 5 key criteria that drive security leaders’ overall job satisfaction: compensation, security budget, career development, executive visibility and organizational support. The levels of satisfaction for each of the drivers vary strongly between the low-risk and the high-risk groups.
Our study found that higher levels of job satisfaction coincide with high retention rates. Among the criteria that drive overall satisfaction, survey respondents consistently indicated organizational support for career development as a key satisfaction driver. Career development satisfaction is higher overall for security staff who engage in or have completed leadership training with certification or one-on-one executive coaching. Organization-encouraged training and development programs with a certification are ideal methods to help boost job satisfaction for career development.
Nick Kakolowski, Senior Director of Research at IANS, explains, “Staff is absolutely critical. CISOs regularly tell us, ‘We need to find ways to retain our people.’ That’s really where they talk about training. A nice advantage is that the chunk of your budget spent on training provides huge value towards retaining staff. The cost and headache of hiring is so high that the overarching value of spending on and building up your staff is just so great relative to other parts of your budget.”
Best Practices to Retain Security Talent
Security leaders struggling to retain cybersecurity talent can try to focus on the individual goals of both potential and existing security team members. Be open to the fact that not every individual wants the same thing from their career and you’ll gain the ability to build collaborative professional development roadmaps with your security staffers. Best practices to retain security talent include:
- Building professional development tracks and training certification programs that speak to the individual employee's career expectations.
- Finding cross-training opportunities with other department members.
- Incorporating performance goals into a comprehensive training plan.
- Gaining an understanding of what your leaders’ career goals are and helping them build a plan to execute that vision.
CISOs, use this data as a guide to better inform executive leadership about the importance of training and career development as a key job satisfaction driver and their effect on security leadership retention.
CISO Compensation & Security Budget Benchmark Survey
Do you want access to the most up-to-date security staff benchmark data? Join hundreds of your fellow CISOs across the U.S. and Canada and take the IANS CISO Compensation and Budget Benchmark Survey.
As a survey respondent, you will receive a series of in-depth reports featuring new takeaways, uncover a wealth of insights and find valuable leadership guidance to fine-tune your current security budget and department, as well as your role and career path.