There are nearly 900,000 cybersecurity professionals in the U.S., with nearly 400,000 unfilled jobs looming. According to a recent 1,200 person survey, 72% of tech workers are thinking about quitting their job within the next year. Another survey reported by Inc. softens this percentage blow, finding that 40% of tech workers have already quit or plan to do so in 2022.
Equally concerning, however, is that understaffed and overburdened security analysts across industries are facing an onslaught of attacks, and many simply don’t have the resources to combat them.
So how can CEOs leading cybersecurity and other organizations turn this narrative around and attract and retain the right cybersecurity talent to win the race against cybercriminals? Luckily, there are several actionable paths:
- Rally your people around the mission. Cybersecurity is a mission-oriented business. It’s the only sector in IT where there are bad actors every day trying to beat and take down your product to gain access to customer data. Companies in every industry should be able to relate what they do to something that makes the world a better place. Rally your employees around that mission. This is also a time for all of us in leadership to focus on how to build an emotional connection with our employees, many of whom are feeling more disconnected than ever before, especially in an industry where so many people are now working from home. Do executive and team off-sites when you can. Encourage open communication lines. Listen to your people about what they are working on towards the mission.
- Embrace the hybrid work model. One way to attract more cybersecurity talent is to give employees the flexibility to live and work wherever they want in their country of residence with options for global mobility when needed. Companies like PwC, Facebook, Twitter, Google, Microsoft, and Zillow have led the charge in 2021, announcing work-from-anywhere policies. These times have created an enormous opportunity for the CHRO to partner with other leaders to develop a well-planned and communicated work-from-anywhere policy. Recognize that our new distributed workforce puts more pressure on the company and its leaders to figure out how to stay connected, and ensure that all employees feel part of the culture and the mission.
- Fix the diversity issue. We all know there is a lack of diversity in high tech and cybersecurity, so how are we going to fix these issues to keep attracting top talent? Fighting cyberthreats, like any challenging endeavor, requires diverse teams with different perspectives to create long-lasting solutions to problems. Create the kind of culture that attracts and retains a more diverse pool of candidates; everyone, regardless of their background, wants to work at a place where they feel psychologically safe to contribute and communicate their knowledge and perspectives. Be sure your HR and other leaders are equipped to go the extra mile to also find diverse cybersecurity talent. The more diverse you become, the more people with diverse backgrounds will want to work at your company. Recognize that this also puts more focus on the CHRO, who must help foster an environment where all employees feel welcome, supported, and capable of doing their best work.
- Employ military minds. Many of the most successful people in cybersecurity came to their roles with a deep military background. They understand cybersecurity can be a complex game of cat and mouse and know how to fight the adversaries and win. The cybersecurity companies that hire them understand that the adversaries are often state-sponsored and have military backgrounds, too. The current veteran unemployment rate sits at nearly 4% as of November of 2021. It’s an incredible group of candidates to attract and retain. Veterans are goal-oriented, trained leaders, who take responsibility seriously and are helping the top cybersecurity companies and their customers fight against cyber attacks from nation states like China, Russia, Iran, and North Korea.
- Invest in your security analysts, machine learning-driven analytics, and automation. Breaches have become more sophisticated and they trigger problems much more quickly once inside an organization. The recent Apache Log4J vulnerability is a great example of how hackers can use these unknown vulnerabilities to get in through a backdoor that the world of business, government, IT, and cybersecurity professionals didn’t even know existed. The only way security teams can keep up is by embracing machine learning and AI into their security operations teams’ response. The tools in this area have improved radically and cyber teams need to automate their security operations to defend against insider and external threats.All CEOs in the cybersecurity industry can build and foster diverse cultures that help turn The Great Resignation around. Our industry can take advantage of the fact that a lot of passionate people of all ages and experiences are on the market right now, looking for more fulfilling work — people who would love to join our industry’s cause to stop the adversaries from continuing to damage and harm the world through cybercrime, attacks, and other careless actions. We need to keep an open mind about hiring practices and create work environments that deliver a sense of belonging and purpose.
Micheal DeCesare is the CEO and president of Exabeam.