Within cybersecurity, particularly security operations, people, processes and technology are the core components for its success. Within any type of organization, cybersecurity or otherwise, the key to keeping employee turnover low and contentment high consists of four common focus areas: compensation, advancement opportunities, training, and environment. Within security operations, while processes can be documented and technology purchased and implemented, the key factor that remains the status quo at any one time is its people. They are the X factor in the equation.

If you have worked in security operations for any length of time, you will know the value that a key individual can hold within a team, and how people can essentially make it or break it. A highly skilled, long serving analyst empowered to do their job well, and motivated to learn new skills will prove to be invaluable for the organization, and more importantly the security teams when it comes to investigating complex threats. In addition to this value, the knowledge they have gained over the years of working within the organization’s infrastructure is worth its weight in gold. With this in mind, one of the most critical factors for the success of a security team is employee retention, especially within a complex, fast-paced and somewhat unpredictable environment.

It is a well known fact that there’s a chronic shortage of skilled security professionals, and this statement seems to persist in the past few years. It has been so overly emphasized, that it has perhaps lost its main idea - it’s not that there are not enough people to fill in empty seats in a security team - the truth is, there's a shortage of highly skilled employees.

So, how can we address this? Below are some key factors to consider in solving this pertaining security industry pain point.

Compensation

Even though compensation is not the only factor employees consider as part of career satisfaction, it still shouldn’t be taken for granted. Keeping the best-performing employees also means enabling competitive compensation across the board, and monetary compensation is only one example, with salary being its most obvious form. But keep in mind that employees are increasingly focused on other areas of monetary compensation when evaluating their satisfaction. Bonuses, retirement, paid time off, flexibility and various types of employee benefits are very effective ways to boost satisfaction when an increase might not be an option. These methods of compensation can be quite effective when are as part of a well-planned incentive or reward plan.

Advancement and Promotion

Employees driven to succeed and advance are an invaluable asset to an organization, and this should be rewarded with presenting different opportunities. Traditionally, promotion was seen as the obvious choice when it comes to rewards, aside from the financial ones, but not everyone aspires to be a manager or should be a manager, and this fact shouldn't inhibit an employee’s chance for advancement. This is particularly true in technical fields such as security operations, where some employees might wish to improve their technical skills, because skills in managing technical problems doesn't always translate to skills in managing people.

There should be a clear definition of these paths and focus on providing equal opportunities for those who aspire to advance to management, as well as those who aspire to advance along a technical path. In this way, employees will have a visible route from where they are now to where they want to be in the short, medium or long term future.

Training

Training is critical for the organization itself. The constant cyber threats we face are rapidly evolving, and continuous training is key to keeping up with the pace. Aside from the obvious benefits to the organization itself, training can play a critical role in employee retention. Analysts who continuously want to learn are exactly the kind of employees an organization should try to keep, and be able to motivate them constantly.

Conferences and events are great ways to continuously educate your security professionals. However, these options often come with a high cost and may be a luxury an organization can't afford. In these cases, it could be effective to use such events as a compensation for senior or high-performing employees.

If these types of training are out of reach for your organization, providing other methods of education throughout the year is crucial. Most employees will surely have a unique skill set and knowledge that other employees can benefit from. Internal training conducted by the organization’s own employees can be a productive way to fill the training gaps and transfer knowledge between team members.

Another proactive and highly effective way to provide employees with an understanding and appreciation for the roles of other teams and build relationships is internal training between groups within the company/organization. Introducing technical exercises and scenarios are an effective way to reinforce technical skills and encourage competition. Moreover, subscriptions for online training or education platforms that can be used on-demand are also a good option to feed those analytical minds.

Environment

Going back to the beginning of this blog post for a moment, we said that proper processes and technology can have an immensely positive impact on the environment. Clear, well-documented processes provide employees with realistic expectations and stability. When implemented correctly, technology can greatly reduce the mundane and repetitive workload and stress level on employees who often work in high-pressure, overloaded environments.

Fostering a collaborative, respectful team environment between all staff members including management can have an enormous impact on the efficiency of daily operations, and on the overall employee retention. This is especially true in security operations, where employees often work closely with those inside and outside of their teams and trust that all team members are performing their tasks effectively.

Whenever possible, the physical environment should also be fully optimized; this means providing adequate space, good lighting, collaborative spaces, and proper work areas. In an office environment, this can be easier to achieve. With the increasingly remote workforce in many security operations teams, controlling the environment can pose a much bigger challenge.

Although the physical space may be out of reach for remote employees, organizations can still ensure that remote employees are properly educated on optimizing their home office and with access to the best technology and accessories to make them even more effective remote employees.

Please enable JavaScript to view the comments powered by Disqus.