Invest in skills and allow room for growth: Upskilling also remains a powerful retention tool. As Huber points out, Tenable invests in training entire teams on emerging technologies and capabilities, ensuring that employees feel equipped and valued.Similarly, KPMG has implemented targeted programs to support diversity and career progression within cybersecurity. The firm’s Cyber Women Leads program, for example, focuses on training middle-management female cybersecurity professionals to formalise their leadership skills.In addition to diversity-focused initiatives, KPMG has adopted creative recruitment strategies to address the cybersecurity talent gap. By tapping into adjacent skill sets and providing cross-training opportunities to those looking for a second career or parents returning to work, the company has been able to expand its talent pool. For cybersecurity professionals like Dominika Zerbe-Anders, cyber human risk partner and solution owner at KPMG Australia, opportunities for growth have been instrumental in maintaining her own long-term career in cybersecurity. At KPMG, she has been given opportunities to take on new challenges every few years, contributing to her professional development and job satisfaction.”That’s what keeps me interested. It feels like every three or four years I’ve had a different career at KPMG,” Zerbe-Anders says. “Three years ago, with one of the most amazing leaders that I worked with, we identified that we weren’t doing a lot in the human risk space of cybersecurity. So, I was able to apply for and get seed funding to bring in a whole new service in that human risk management space. It then went global “¦and it’s now been very successful in market. That was one of those opportunities where I saw we weren’t doing anything in the space and I put my hand up and said, ‘I would like to lead this’, and the firm was really happy to invest and back me.””Last year as well, I took a slightly different approach. I moved departments to try help grow and amplify one of the cyber teams here. So, it’s really about being able to continuously move directions, continue to grow, and bring in new people, as opposed to always doing the same thing over and over.”
Financial benefits aren’t always the answer: Interestingly, Budge notes that while pay may naturally seem like a typical retention strategy, and it’s a motivator for the younger workforce, it doesn’t sustain itself as a motivator. Instead, she emphasises the need for purpose-driven work to maintain engagement.”Security team members seek purpose and motivation. Are we making a difference to the organization, to the business value, to the bottom line? From an action perspective, how do we communicate the difference that the team is making, not just to the executives, but also to the team?” she says.”If you’re a leader, are you spending as much time on your team as you are with the executives? You’ve got to go to the trenches because they’re motivated by purpose and motivation. If they weren’t, then you could step away from that. But the reality is security is about purpose. Most of us are here because we believe that we are protecting our organizations, the business, and society more broadly.”
The value of recognition and business buy-in: Embedding cybersecurity personnel into different areas of the business is another effective strategy, Huber suggests. He believes that by working closely with various departments, security professionals can better understand business operations, gain a sense of ownership, and contribute more effectively to organizational goals.Huber adds leadership involvement is crucial in reinforcing the importance of cybersecurity within an organization. He recommends that executives actively engage with cybersecurity teams by participating in discussions and highlighting the value of cybersecurity initiatives. He says when CEOs and senior executives advocate for security, it demonstrates its importance to the organization’s overall mission.”If you get corporate buy-in from leadership, it can help develop goals for other teams. I think that goes a long way because people understand the importance of the role,” Huber says.
Recognise it’s not one-size-fits-all: However, Budge notes that motivation and leadership styles can vary across regions. In Australia, for instance, a significant portion of cybersecurity professionals come from non-STEM backgrounds, leading to more diverse leadership styles.In contrast, she explains regions such as India have a stronger emphasis on STEM qualifications, resulting in different career development pathways. Additionally, cultural factors influence the way cybersecurity issues are perceived and addressed, with countries that have longstanding data protection regulations exhibiting more mature approaches compared to those with emerging regulatory frameworks.Ultimately, retaining cybersecurity talent requires a multifaceted approach that balances workload, prioritises mental health, fosters a culture of belonging, and offers meaningful career development, Huber concludes.”It really comes down to the individual. You have to have leaders whose job is to understand what motivates each employee,” he says. “Some people might really want recognition; others want monetary rewards. Some want additional training, while others want time off to spend with their family and friends. You have to figure out what motivates people across your organization, and that’s a challenge for any leader.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3813922/beyond-the-paycheck-what-cybersecurity-professionals-really-want.html
