Countering Cybersecurity Turnover: 57 Companies That Do It Best
What does it take to keep highly skilled cybersecurity employees?
Salary and benefits are table-stakes. Challenging work, ongoing training, an opportunity to advance without having to become a manager, and a talented peer group all help companies recruit and retain these sought-after “ninjas”—the individuals who can do what artificial intelligence security tools can’t.
Research from the SANS Institute, a leading information security training provider, has identified 57 government contractors that do a better job of recruiting and retaining high-level cybersecurity professionals, based on the advanced technical certifications held by their employees. (See list below.)
Retaining talented infosec professionals is a major challenge. The non-profit Center for Strategic and International Studies (CSIS), a strategic security think tank in Washington D.C., found that rampant employee turnover has become so “institutionalized” among cybersecurity professionals in Silicon Valley that even companies like Facebook and Google don’t expect to keep their most-talented personnel longer than three or four years.
The SANS report, released Wednesday, builds on the findings of the CSIS study (which was funded by the SANS Institute). Taken together, the research offers some guidance for building IT security teams, whose essential value to businesses and governments grows with each new costly, disruptive, and damaging cyberattack.
Alan Paller, founder and director of research for the Bethesda, MD-based SANS Institute (his picture is at the top of the page), said the follow-up report focused solely on government IT systems integrators “because they compete for government business on the basis of the quality and number of ninjas they can deploy.”
A “ninja,” Paller explained in an e-mail., “is the person who can do the threat-hunting that eludes the [artificial intelligence] AI tools. She/he is the person who fights back against cyber weapons with rapid adjustments to defenses. The AI folks are doing well at replacing the ‘screen watchers’ but are not anywhere near the higher skills—yet.”
He described the report as a “first round,” and indicated the SANS Institute plans to evaluate other types of software companies as well. The 57 companies identified by the SANS Institute are:
|Alion Science & Technology||Fluor||MCI|
|American Systems||General Atomics||Noblis|
|AT&T||General Dynamics||Northrop Grumman|
|BAE Systems||General Electric||Parsons|
|Battelle Memorial Institute||Harris Corp.||PriceWaterhouseCoopers|
|Boeing||Hewlett Packard Enterprise||Raytheon|
|Booz Allen Hamilton||Honeywell||SAIC|
|CACI||IBM||Salient Federal Solutions|
|CenturyLink||Intuitive Research and Technology Corp.||Unisys|
|CGI Group||Jacobs Engineering||United Technologies|
|CH2M Hill||John Snow||Vectrus|
|Cubic Corp.||Leidos||World Wide Technology|
The CSIS report, released seven months ago, cited employment factors that elite cybersecurity experts value most—that is, once their threshold requirement for salary and benefits has been met. These factors also could serve more broadly as counter-measures against rampant turnover among high-level IT employees in general. They include:
—Challenging, high-impact work and a demonstrated commitment and continuing investment in training. (As a result, the most-skilled cybersecurity experts tend to have more professional certifications.)
—Flexible work schedule, and the ability to advance without having to assume management responsibilities.
—In what CSIS dubbed “the Kevin Durant effect,” highly skilled professionals want to work with others whose talent and work they respect. NBA basketball star Kevin Durant ostensibly left the Oklahoma City Thunder last year for the Golden State Warriors so he could play with better teammates and have a better shot at winning the NBA championship.