Reducing cybersecurity staff stress and turnover with continuous skill development
Imagine if 91% of your colleagues thought that, despite their best efforts, their team initiatives would fail. Now, imagine if those same colleagues were trying to develop new skills and succeed — but the majority of them didn’t know if they were learning the right skills to get the job done.
According to two recent studies from ESG/ISSA and Infosec, that sentiment is real amongst the majority of today’s cybersecurity professionals, leading to high levels of employee stress, fatigue and turnover.
What should you learn next?
While the causes of the cybersecurity skills shortage and its impact on job satisfaction vary by region, the reality is this challenge is faced by nearly three quarters of organizations globally. The good news is many of these issues can be addressed — partially or in whole — by delivering the training and career guidance cybersecurity teams want and need.
Here are four things you can do right now to boost employee job satisfaction and retain and attract the talent you need to bridge the cybersecurity skills gap at your organization.
1. Create clear learning paths — and give employees time to learn
In Infosec’s 2019 Cybersecurity Industry Report, 785 security professionals were surveyed about their short- and long-term career goals. Six in 10 respondents lacked a clear career path and 34% lacked confidence in their career goals. Unsurprisingly, security professionals with “a clearly defined path to advance their career” were more confident in their career goals, more confident in their cybersecurity skills and spent more time learning compared to peers without a clear career pathway.
Interestingly, ESG and ISSA’s 2019 study, The Life and Times of Cybersecurity Professionals 2018, revealed that “while 93% of survey respondents agree cybersecurity professionals must keep up with their skills or else the organizations they work for will be at a significant disadvantage against cyber attackers, 66% claim that cybersecurity job demands often preclude them from skills development.”
By proactively helping your employees set learning goals and career-path milestones — and giving them adequate time to learn new skills — you’ll help boost job satisfaction. Furthermore, the ability to better keep pace with the rapid rate of technology change will boost employee confidence in their skills.
2. Develop new talent to ease the workload
Just 8% of the respondents in Infosec’s 2019 survey began their careers in an information security role. With people coming into the field from a variety of different backgrounds, it’s not surprising that many organizations are looking outside traditional talent pools to fill open and new security positions.
According to Harvard Business Review, companies like IBM are creating new cybersecurity roles that “prioritize skills, knowledge and willingness to learn over degrees and the career fields that gave people their initial work experience.” They cite the importance of sourcing “unteachable” skills like curiosity and problem solving when filling open security roles, while also reinforcing the need for continuous learning.
Whatever your approach, establishing a unified framework similar to the NICE Cybersecurity Workforce Framework will help both new and seasoned security professionals build confidence, gain new skills and transition more easily into future security roles. A unified framework also helps keep employees engaged in skill development while reducing churn — an initiative of increasing importance considering over 75% of security professionals are solicited by recruiters at least monthly to change jobs.
3. Remember the soft skills
New insights into the security skills gap suggest a lack of soft skills like communication and leadership might be the security department’s Achilles Heel. With 23% of security professionals reporting a lack of knowledge of important cybersecurity challenges at the executive level, it’s easy to see how better communication from security teams could improve an organization’s overall security posture.
When building your cybersecurity employee development program, remember that an effective security strategy requires more than just investment in technical skills and tools. Business acumen and emotional intelligence are just a couple of the soft skills needed to both obtain executive buy in for new initiatives and ensure other department leaders understand the impact of wider-reaching programs like employee security awareness and training.
4. Build a culture of security at every level in your organization
It’s widely accepted that human error continues to be the leading cause of data breaches. But what’s often overlooked is that most of these mistakes could be avoided with the right security education for the right people at the right time.
When prompted to disclose the common causes of breaches at their organizations, 34% of respondents in the ESG and ISSA study cited a lack of end-user training while 24% said they can’t keep up with a growing workload.
Cybersecurity education for everyone at your organization reduces the chances of preventable incidents like accidental disclosure while also better equipping the security team to manage the tools and assets under their protection. By enlisting help from others outside of the security department through initiatives like a security champions program, you can relieve some of the burden from security teams while increasing job satisfaction and retention.
What should you learn next?
With an effective, role-based security training program for all employees, you can upskill employees and retain talent while building a culture of security across your entire organization.
In this Series
- Reducing cybersecurity staff stress and turnover with continuous skill development
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity