You would have to be living under a rock not to notice the cyber security skills shortage lately. Data from a new research report titled The Life and Times of Cybersecurity Professionals, a collaborative effort by Enterprise Security Group (ESG) and the Information Systems Security Association (ISSA), revealed some interesting trends.

  • 67% of cyber security professionals either don’t have a career plan thought out or have one that is only somewhat thought out.
  • 98% of survey respondents believe they must keep up their skills or they put their organizations at a disadvantage against hackers.
  • 62% of respondents stated that their organization is not providing adequate training.
  • 49% of cyber security professionals are contacted at least once a week by recruiters to switch jobs.

So, notice to all organizations: here is how to guarantee you lose your cyber security staff:

  • Pretend everything is fine and ignore the negative unemployment rate of cyber security professionals.
  • Maintain your pay scales that were developed in the ’70s based on seniority and performance review numbers.
  • Ignore the fact that once an engineer becomes certified in a technology, you may have to increase their pay 15-20% to reach market rate.
  • Don’t allow your cyber security team to attend security conferences because they are a waste of time and just an excuse to party.
  • Overwork your staff so they don’t have time to maintain their knowledge or gain new perspectives.
  • Maintain the minimum amount of budget for the security spend because there isn’t an ROI attached to it.

There you go. Guaranteed ways to lose your cyber security staff.

“There is nothing common about common sense.” Frank Lloyd Wright.