As I have written about before, at the present moment, there is a severe shortage of skilled Cyber security workers at the present time. There is something like 400,000 jobs that remain still open. Of course, all of these jobs are all over the board, being that Cyber security is such a broad field.
In order to fill this gap, and also at the same time to get teens interested, many summer camps are being offered as well. There is a huge uptick in colleges and universities now offering cyber security degrees as well, in both management and engineering.
One would think with all of this, that the gap would start to show signs of decreasing. But on the contrary, this gap is still further widening. According to a recent survey by Mondo (a recruiting company), some 60% of Cyber security professionals are now looking at actually leaving their current position in search of greener pastures. There were 9,000 people that were polled.
According to the survey:
*53% claimed that their current work environment is unhealthy;
*46% cite a sheer lack of support and prioritization from the C-Suite (not a surprise here);
*37% claim that their bosses have set forth unreasonable job expectations;
*30% believe that there is a lack of mentorship that exists today;
*Only 38% of the C-Suite is actually engaged in Cyber security engagement and planning;
*67% of the respondents want a better work-life balance;
*55% believe that their ideas and initiatives are not taken seriously by the C-Suite;
*48% would like to see their employer pay for their Cyber security certs;
*34% want an increase in new technology investment;
*31% believes that the CISO needs to take a firm control of the Cyber security landscape.
Yes, these numbers are quite alarming, but let’s focus upon point #’s 2, 6, 7, and 8. In terms of #’s 2 and 7, this is a real issue these days. I come across many headlines and stories everyday as to how to get the C-Suite more involved with regards to the Cyber security at their firms. Many people simply cannot understand why these C-Level Execs (all of them which includes the CIO, CFO, CiSO, CIO, COO, etc.) won’t engage in this.
It even mystifies me to a great extent. Heck, if I had the responsibility to steer the ship of a Fortune 500 company, I wouldn’t want to take the fall in case there was a Cyber attack. I would do everything possible to avoid it.
Many reasons have been cited for this, which include that of their lack of technical knowledge; they think that Cyber threats are not a reality and it won’t hit them; they just don’t know how to create and implement an effective Security Policy, they just don’t know how to communicate with their IT Security staff; they simply don’t care, etc.
In fact, many of my podcasts guests say in my shows that it is high time that the C-Suite steps up to the plate and take responsibility for their actions. In fact, one of them even mentioned that there is a trend in Corporate America these days for the C-Suite to be held accountable by the their respective Board of Directors. One of them even recollected as to how he sat in a few meetings and even he was grilled as to what actions were being taken to beef up the lines defenses at his company. But, it is not the company that is at risk, but the C-Suite is also in grave danger of losing the key talent that they bring on board.
Of course, employees want to feel rewarded for their work in terms of raises and bonuses, but what is even more important to them is that they want to be formally recognized by the C-Suite as well. They want their ideas to be heard to be hear and proactively listened to.
Remember, the human spirit can go long a way once they know that they have been counted in as a team, and know that they are a valued member of it. But don’t expect changes over night, it will take probably years in order to get the full involvement of the C-Suite (hopefully nothing disastrous happens to their organizations during this time).
In terms of #6, yes, it is true that a Cyber security professional can work some really grueling hours, eve worse than the medical profession. After all, the Cyber threat landscape is up and running 24 X 7 X 365, and it never sleeps. Thus, the employees never sleep either. Of course, not every Cyber job is like this, it depends upon which one that you are in.
For example, Penetration Testers work not only long hours, but the mental wear and tear on them is great as well. That is why the burnout is so high in the Cyber security industry. As stated, there are simply not enough people at hand to fill in the void, thus the long hours. This is a gap also that will take some time to fill as well.
In order to bring in some short term fixes, perhaps businesses and corporations should offer raises more often, offer more perks, or even more benefits. Of course, this costs money as well, but in the long run, it will pay off huge dividends.
A company does not want a high turn over rate especially with their Cyber security staff. After all, more time will then be spent recruiting than on focusing upon the Cyber threat landscape. I guess in a worst case scenario, a company could also hire third party contractors to help fill the shortage.
With regards to the last point, #8, I believe that a company should pay for their employee’s cert training and exam costs. Yes, they are expensive, but in the long run, it will bring to you, the C-Suite many accolades in the end.
For example, not only will you have a Cyber staff that will have every cert that will fill the alphabet, but it will also show to your employees that you highly value them, and that you also care greatly about their career development within your firm.
Not to mention, having a Cyber staff with the relevant certs will also show to your customers and prospective ones that you are very proactive about Security. This will not only bring in more business, but it will also greatly increase your brand reputation as well.
Now obviously, small businesses can’t probably afford all of these things I have just described. If that is the case, then try other ways to motivate and inspire your Cyber staff. Remember, you do not have engage in lucrative bonuses. Your employees just want to be recognized for all of the hard work that they do for you, and feel that they are valued.
So perhaps, even having quarterly outings, family get togethers, increased compensation time off, gift cards, small end of year perks and recognition, taking your Cyber staff out to recognition lunches and dinners, and even just a simple hand shake and a pat on the back will go a long way.
Finally, to the employee who is fed up with their current working conditions: This is your job market, and will be so for quite a long time to come. If you’re unhappy, find another company to work for that will meet both your individual and professional needs. Another option: Perhaps start your own Cyber consulting company. This too will take a lot of hard work and effort, but once you start building your client base, it will grow.
Look at me. I have had my tech writing business for 9 years now, and it is still growing. To bring this up, there is another growing area in this field: Cyber Journalism. True any freelancer can claim that they are one, but it takes a unique blend of both technical and writing skills to truly engage your audience.