An individual often chooses a cybersecurity career because the job is interesting, challenging, and fits a certain mindset. A natural progression path typically involves a technical employee entering management. Unfortunately, this often leads to people being promoted into roles they are either not suited for or where they don’t want that level of responsibility. Leaders don’t need to be managers, so how does an organization create pathways for the technical employee who does not want to manage people?
Moving on out or moving on up?
COVID-19 took the wind out of many workers’ sails during the pandemic, and work expectations shifted. According to the Bureau of Labor Statistics, in November 2021, 4.5 million Americans quit their jobs, a phenomenon known as the “Great Resignation.” This trend continued into 2022. Tech employees formed one of the groups behind this mass exodus. A 2021 survey from TalentLMS found that 72% of US-based tech employees talked about quitting their jobs over the next 12 months. When asked why they were thinking of leaving, almost 60% said it was because of burnout. If you put technical employees into management roles that they are not interested in or do not have the skills to perform, they will become disillusioned and unhappy. The result is that they will look elsewhere for work. Technically-minded folks are like gold dust, especially with a global cybersecurity skills gap of 2.7 million, according to the latest (ISC)2 report. Organizations cannot afford to lose talented and skilled employees. The loss of qualified employees who know how to stop a cyber threat from becoming a cyber incident could be critical. But how does the retention of technical staff translate into policies and actions? Here are some actionable insights into keeping your technical staff happy without having to make them managers.
Actions matter: giving technical employees a reason to stay
Creating an environment at work that wants to make a technical employee stick around is easier if you understand their motivators. Leo Van Duyn, cybersecurity and technology workforce development strategist for JPMorgan Chase & Co., explained how an organization and its employees could leverage the NICE Cybersecurity Workforce Framework (NCWF) to retain employees. The NCWF provides a framework that standardizes how a workforce is developed, including mapping competencies to roles. Van Duyn explains that the framework is used to assess how employees are doing in a role, and this data is then used to guide the development of an individual or group. NICE Cybersecurity Workforce Framework: Close your skills gap with role-based training Understanding how well people are doing leverages opportunities to expand their role; Van Duyn gives an example: “If people are doing well in a particular technical role, leverage them for mentoring.” Van Duyn also explains that Chase & Co. uses training data (aligned to the NICE framework) to capture an employee’s mastery of NICE statements. For example, an employee may already know 20 of the 30 things needed for a particular job. That gives an organization data-focused evidence that managers can use to discuss career progression with employees, allowing them to map skills to roles. NCWF also shows missing abilities needed for that employee to progress into a specific area.
Best practices for keeping technical staff inside your organization
The NICE Cybersecurity Workforce Framework lays a foundation for building solid technical teams. Together with the best practices outlined below, it can help an organization engage and retain technical employees:
1. Offer further training and education
People appreciate education and training; an organization that provides opportunities to learn new skills or improve existing ones will engage employees and strengthen relationships with management. The TalentLMS survey found that 90% of tech workers wanted their companies to offer more educational opportunities. Conversely, the (ISC)2 report found that only one-third of organizations expect to invest more in employee education this coming year to address workforce gaps. Educating technical employees is a win-win-win, with the employee becoming more skilled in cybersecurity, the company benefiting from this skill, and an improvement in employee retention. This gap between expected education opportunities and companies offering training opens a competitive edge for any organization offering staff further training and education.
2. Build a career pathway roadmap for technical employees
The NCWF uses assessments to establish the skill set of a technical employee. The NCWF breaks down technical staff’s cybersecurity work into seven areas:
Securely provision Operate and maintain Oversee and govern Protect and defend Analyze Operate and collect Investigate
These areas are further subdivided into work roles with the type of skills required for each role. Assessment using this framework gives an organization a blueprint that helps define required skills and who is best at doing what job. This can be mapped to employees, making their strengths (and weaknesses) visible; as Van Duyn explains: “Assessment data for an employee can be used against other roles that use the same taxonomy, allowing them to see themselves in second, third and fourth careers in the same organization, so the knock-on effect is to let people feel longevity and see themselves in other roles and develop better career paths and mobility options for themselves to control their development within your corporation.” This blueprint provides the information needed to develop career pathway roadmaps in your organization that do not force technical employees down a management route.
3. Create a technical tier system
During the development of this career pathway, the roadmap should provide a way to allow technical employees to move between different levels of ability. Many technical employees actively look for new challenges. They should also be able to capitalize on new skills or training opportunities. The design of the tier system should offer new responsibilities that include non-management roles and higher pay. By providing a clear career pathway that keeps technical staff engaged in their core strengths, technology and security, a company will ensure that technical employees focus on internal opportunities instead of external ones.
4. Encourage a work-life balance
The survey from TalentLMS showed that a third of tech employees would quit their jobs unless offered remote work options. A work-life balance is not an on/off switch. It is about reflecting on the current life stage of an employee. For example, employees may want to have children, or some may need to deal with serious family health issues. By offering flexibility around a life situation or stage, your organization is more likely to retain talent. Most life situations are transient, and you can expect loyalty if you show empathy for a technical employee’s life situation.
Stay focused on technical employees
It can be easy to sit back and let technical employees get on with the job. But taking your eye off the ball can cause a previously dedicated employee to lose faith in the company and themselves. For example, suppose you move a technical employee up the ladder into a management position. In that case, they may struggle but say nothing until they leave the company as an unhappy ex-employee. Instead, create structures that allow technical staff to excel — give them a reason to stay. Build strength through understanding, education, training and empathy. Build bridges that make the most of your highly skilled technical staff, and you will reap the rewards.
Resources:
2021 (ISC)² Cybersecurity Workforce Study U.S. Bureau of Labor Statistics TalentLMS survey NICE Cybersecurity Workforce Framework: Close your skills gap with role-based training, Infosec interview with Leo Van Duyn Infosec topics covering the NICE Cybersecurity Workforce Framework