A few months ago I wrote about burn out in Cyber Security. I shared an article by George Platsis on how people in the industry and being affected and on some steps to help. This is not an issue that is going to go away, but encouragingly it is something that has been increasingly covered and spoken about.
The more it is covered, the more of an open forum we have for looking to solutions and sharing experiences. This is all in amongst the ever increasing conversation about the Great Resignation, which is highlighting the fact that in the US alone there are almost 500,000 open positions in security with nearly 60% or organizations reporting a shortage in their team.
It is one thing to be aware, and the next step is to be proactive. How can you do this? Without over simplifying things there are two areas where you can start - look internally. Do you have a system and environment in which people can express their concerns, and then a process by which to deal with it. Of course not every issue can be resolved, but just knowing that there is a proactive support network can and will make a big difference.
- Identify where the skills gaps are and start to address them, then look at succession planning. To break this down, the skills gaps - do you need to hire externally or can you train people internally, re skill and repurpose? If looking internally do you know how many people would be interested, and where they are (department and geography. Do you have an established personal development plan? Are you keeping track of the ambitions of your employees - if not you could be missing a massive win, for one thing you have the talent there already and you also build an aspirational culture.
- Succession planning - have those discussions internally. If people want to retrain then how long will this take? Identify where skills are light on the ground, where you will be most impacted by people leaving and then, if all of the answers are not there internally...
....Look externally, but do it in a structured way
- If you need to look externally engage with a proactive search partner who is going to provide you with data rich feedback on what is happening in the market. As we do with our clients, we can build that pipeline, can proactively work to promote your brand. You do not want to be starting every new hiring process from scratch.
- Talent mapping - do you know where the next hire could come from? Do you know what your competitors are doing, what their structure looks like? Again, this could be a great tool for you and it is something that your search partner can do.
If there are over 500,000 places then you do not need me to tell you that competition will be fierce. if being proactive was not important to you before (and it should have been) it certainly will be now.
But coming back to my original point and how this ties in to burn out. At some point the equation will need to be balanced with additional people, if your cyber team is burned out they are over worked, will feel underappreciated and will look elsewhere. The chances are the next place they look will be prepared to deal with these issues because they have been proactive in understanding market conditions..
How can I say this? Well, why else would they say yes to the next employer unless they felt comfortable with what they were walking in to?
With security teams already spread thin, we can’t afford for more defenders to leave the industry. There’s a looming skills gap of almost 500,000 open security jobs in the U.S. alone, and nearly 60 % of organizations note being impacted by the cybersecurity skills shortage. With most teams finding themselves understaffed, there’s little time allocated for time off duty even if it’s on the heels of mitigating a major attack.