A recent headline claimed that nearly two-thirds of all IT staff members are actively looking for a new job within the next two years. If this applies to security teams, then security managers need to be prepared to lose more than half of their staff. What can companies do to prepare for ongoing staff departures? How could they potentially prevent it?
There can be a lot of disruption to an organization when a long-standing employee leaves for another opportunity. There is a limited supply of trained information security professionals available, so there is a good chance that many staff members will be leaving within a few years. Although a little turnover can be healthy for an organization, security managers are going to have to try some new tactics to retain top talent and keep their departments from becoming a revolving door. Some changes to departmental procedures may be necessary to maintain information security integrity when key personnel inevitably move on to new opportunities.
A more effective staff retention strategy to keep top security talent is to offer access to training and conferences. Good security practitioners want to continually improve their skills and learn from other security experts. Many security managers are paying for staff to attend popular security conferences like DEFCON or Black Hat. Companies that lack the budget for formalized training can use other creative ways to reach the same goal. Managers can ask for volunteers from the staff to research a specific security topic and present it back to the group on a regular basis. This not only promotes learning but also helps create camaraderie between employees.
Most people tend to stay in or leave their jobs based on their relationship with their manager. This is just as true in information security as it is in any other profession. That is why it is critical for information security managers to build positive working relationships with their staff. Managers should provide feedback to employees and help them to structure and attain their career goals. Ask staff to be involved in department decisions and contribute to the overall information security strategy. This type of inclusive management, when done well, may do more to retain staff than any other strategy.
Even with the best staff retention strategies, security managers are going to lose good employees to other opportunities, so they must be prepared. Departmental processes must be thoroughly documented so that any team member can perform them; in addition, such documentation will help give new employees a firm grasp of their roles and responsibilities. Managers can also rotate the responsibilities for running recurring processes to other team members, which increases bench strength and offers cross-training opportunities. Proper documentation is critical to help reduce the impact when a valuable employee leaves the organization.
The increasing demand for experienced information security professionals will continue to drive turnover. Although some turnover is healthy, there are ways for managers to retain top talent in the organization. They can offer access to training and conferences to increase employee skill levels. They can build an inclusive management culture in their department based on employee feedback and career goals. Managers will still have to face the harsh reality of losing good employees and should be prepared with detailed documentation and rotation of responsibilities. Good security teams should be able to survive a changing roster.