There is some exceptional talent in the cyber security space. Much time and effort goes into securing the right skills for your critical roles. Still, according to an ISACA study, 66% of cyber security departments find it difficult to retain security talent. So how do you ensure the acquired skill stays within your team and remains an asset to your organisation? You may be surprised to find that the effort required to do this starts early in the recruitment process.

As a recruiter, I have some influence on the factors that contribute to staff retention. However, this influence is limited to before an offer of employment is made and accepted. It then becomes the responsibility of the hiring manager and organisation to ensure that an environment is created to harness and promote good staff retention. In fact, the components of retaining a team start far before an offer of employment. They start at the beginning of the recruitment process, as my conversation with Stephen Khan would suggest.

Stephen Khan is a well-respected Head of Security and executive leader who has performed this function for several FTSE 100 firms. Stephen has had a global remit for over a decade and has grown, supported, mentored, coached and retained high-performing teams. Who better to share their thoughts on how to retain security talent?

Staff retention cannot be considered without looking at the current cyber security job market climate – as we all know, if jobs are scarce, it is a lot easier to keep your employees. There have been many studies and articles detailing the global skills shortage in cyber security. According to (ISC)², the number of unfilled vacancies is expected to be at 4 million by the end of 2021.

Cyber security is an industry where the skill shortage directly correlates with an organisation’s ability to defend its assets, data, and people. A recent global study by the Information Systems Security Association (ISSA) confirms that 57% of cyber security professionals felt that the skill shortage impacts their organisation while 10% report a significant impact.

With the emergence of new technologies across industry sectors, tighter regulations, increased nation-state attacks, record levels of home working, and supply chain vulnerabilities, it’s a logical expectation that the number of unfilled security positions is set to rise. What this tells us is that security professionals are in high demand.

With so much attention on hiring, equal, if not more, attention should be spent on retaining your staff. Stephen reminds us that the skill shortage has a direct correlation to a firm’s retention levels.

Professionals in our industry are very fortunate in that there is demand for their skills…

Because security experts are continuously presented with opportunities from other organisations, they will not stay with you solely for financial remuneration. There will ALWAYS be someone willing to pay more. As such, staff retention is something within a hiring manager’s circle of influence, so this is where we must focus:

It’s all in the alignment of values

Stephen states:

It is important to ensure an alignment of values and core principles between the organisation and its employees. If people don’t feel that they are aligned, they can’t enact positive change or support the organisation in its vision and strategy.

As a head-hunter, I can attest to this. The decision to leave a security role rarely comes down to remuneration. Flexible working arrangements, clarity of expectations, and career development expectations are top of the list, all tied to company values, company culture, and leadership capabilities.

Stephen discusses the crucial part an interview plays in assessing if there is an alignment of values. It is much more than just learning about the role: it’s an essential tool for identifying whether an organisation shares your values and, for hiring managers, for assessing whether the candidate shares the values of the organisation you are representing.

It is a two-way conversation; [especially at the senior level] it’s about the meeting of minds and a resonating of expected outcomes; that falls in both camps, both the interviewee and interviewer.

If there is a misalignment between company values and that of the employee, this is likely to be a short-term relationship that can be fraught with difficulty and upset the status quo. It is the role of the hiring manager and fellow stakeholders to select candidates who share the organisation’s values. However, this is not a one-way street; it’s not untypical for a candidate to withdraw from the selection process because the organisation does not share THEIR values.

Two-way conversations and alignment of expectations are recurring themes in the discussions with Stephen. He further stresses the importance of a manager understanding their staff’s career trajectory and goals and supporting them to achieve this.

It’s important to gain an understanding of the individuals’ aspirations. If they want to become a Security Engineer down the line, what are the skills they need? What if the firm could guide and coach and find somebody to help them with that?

It’s crucial to empower people to do their best work by supporting the areas that require development; for example, if you want to improve in stakeholder management but have challenges concisely delivering information, it is my responsibility to see how I can support you. This may be one-on-one tuition on how to deliver content, or finding a mentor in a different area to help you to ensure there’s no conflict of interest.

Stephen illustrates the benefits of empowering individuals, such as the promotion of new ideas, new initiatives seeded and supported by a team who feel valued. Consultancy research shows that engaged employees are more productive, resulting in a 21% increase in profits.

… I think all these things are important, but underpinning it all, is actually saying to people that we care about you. Yes, we care about you, not just the output for the firm, but we care about you as an individual.

To achieve high levels of staff retention, there must be an alignment of values, clarity of expectations, and opportunities to grow and develop. The interview is key to discovering if these align. The interview allows the hiring manager to understand the candidate’s motivations better. It also provides the candidate with a firm picture of what is expected and if it is an organisation suited to their values and trajectory.

Top Tip

Not to give away my trade secrets, but here are a few of my favourite interview questions I advise applicants to ask their potential managers.

  1. “What are your expectations in the first three months?”
  2. “And what are your expectations in the first six months?”
  3. “How do you measure success?”

If the answers to these questions seem unrealistic or far-fetched, the company isn’t for you. There are no set rules on what should be expected in the first few months, but the answer is indicative of an organisation’s culture. Culture is intangible, but this is a simple question that will help you to “quantify,” measure, and compare with other companies you may be in discussions with.

Hopefully, you will have found my discussions with Stephen helpful or at least food for thought, but if you have any further questions on how to understand the alignment between your company values and potential hirers, please feel free to reach out.

Thank you, Stephen, for your time.
