4 things you should know about cybersecurity pros

The 5^th annual Life and Times of Cybersecurity Professionals report from ESG and the Information Systems Security Association (ISSA) provides valuable insight into the challenges cybersecurity pros  face, how they see themselves relative to the rest of the organization, and what brings them job satisfaction, among many other data points.

CISOs and other cybersecurity leaders concerned with recruitment and retention would do well to take this data to heart.  

Here are a few highlights from the report that get inside the heads of cybersecurity pros:

• Professional networking really matters. Cybersecurity professionals tend to rely on their professional networks when looking for a job—especially once they’ve gained a few years of experience.  The data reinforces this: When asked which method they used to find their current jobs, 38% of respondents said, “networking with industry contacts,” 24% were contacted by a recruiter, and 22% responded to a job posting.  Hiring managers looking to engage talent should build relationships with cybersecurity professional associations.
• Security professionals want to work for organizations committed to cybersecurity. When asked what factors lead to job satisfaction, the top response was business management’s commitment to strong cybersecurity (43%), followed by competitive compensation (39%), the ability to work with talented cybersecurity staff (33%), and an organization that provides support and financial incentives (32%).  This data reinforces the fact that a cybersecurity culture really matters.  Organizations with this type of culture should be able to out recruit and hire those that treat cybersecurity as a technology cost center. 
• Despite the challenges, cybersecurity professionals are happy. While 60% of respondents agree that a cybersecurity career can be taxing on one’s personal life, nearly 4 out of 5 (79%) of respondents agree that overall, they are happy as cybersecurity professionals.  This reaffirms the fact that cybersecurity professionals truly believe in their mission as defenders of the digital domain.  For all our sakes, thank goodness they do!
• Cybersecurity teams don’t always get along with others. This data is especially troubling and worth addressing.  More than one-quarter (27%) of respondents say the relationship between the cybersecurity team and the board of directors is fair or poor, 29% claim that the relationship between the cybersecurity team and HR is fair or poor, 28% state that the relationship between the cybersecurity team and line of business managers is fair or poor, and 27% believe that the relationship between the cybersecurity team and finance is fair or poor,  I don’t think it’s possible to have a strong cybersecurity culture with friction in these relationships, so executives should dig into their own organizations to find and fix collaboration issues and process bottlenecks. 

Most people who work in cybersecurity are dedicated professionals who love what they do and form a strong bond with other kindred spirits.  Nevertheless, the data seems to indicate that like Rodney Dangerfield, many cybersecurity professionals still don’t get any respect. 

Yup, it’s hard to believe that businesses still don’t get it considering things like the Colonial Pipeline attack, the Kaseya attack, and pervasive ransomware and nation state attacks, but the numbers don’t lie.  The very real concern here is that organizations that fail to embrace a culture of security and mismanage cybersecurity staff won’t be able to recruit or retain talent, leading to increasing cyber risk. 

More from the report soon, your feedback is welcome and appreciated.