• Employee Retention Strategies for CISOs

    February 12, 2021 | Joe Sullivan
  • Employee retention of top talent should be on the mind of every CISO today. Recruiters are focused on coaxing the best employees away from organizations due to the perceived skills shortage in the information security industry.

    When an employee approaches you about an offer from another company, how should you handle that situation as a CISO?

    One approach is to analyze the company and the offer with the employee. This helps sort out the pros and cons of making a career-impacting move. Questions such as whether this is a lateral move, a step down, or a step up in their career are important to answer.

    OSINT for Employee Retention

    Open Source Intelligence will tell you a lot about the rival company. Taking a look at their website should lead you to their social media presence (if any) and the names of the leaders in the organization.

    Whether the company has a large social media following and is active in the information security community can reveal a lot about the organization. Things such as culture, company size, and conference involvement can give clues as to what it will be like to work in the organization.

    Go work Here and not There

    If the research determines that the employee is making a lateral move or a step-down move, I would encourage them to apply at their “dream company”. If they are absolutely set on making a job change, then they should at least apply at a company they really want to work for.

    As security leaders we need to understand that people are going to move on from our organization at some point. Part of our responsibility is to set them up for success however we can. Sometimes that may mean encouraging an employee to not settle and go for what they really want.

    I would even go as far as reaching out to the CEO of the company they are interested in and personally referring them. We have to support our team members in their career development and personal development, even at times when it might not be in the best interest of the organization.

    Show Notes

    Featured in this episode are Joe Sullivan, who teaches MGT514 Security, Policy, and Strategic Planning for the SANS Institute, and Stacy Dunn, who works in the information security industry as a technical engineer for a multinational security company.

    This episode is sponsored by Crossroads Information Security. Crossroads Information Security provides Virtual CISO services, penetration testing, and incident response.