[ Editor's note: This article is part of an ongoing series in which we ask CIOs and IT leaders about their toughest talent challenges – and their best retention tips. Next up, Ian McClarty, president and CIO of Phoenix Data Center, explains why security talent is in scarce supply, and what he's doing to keep it.]
We are extending our security products and services, and seasoned cybersecurity talent is tougher to find. Cybersecurity talent is tough for the following reasons: 1) a shortage of labor pool, 2) high demand for cybersecurity professionals, and 3) competitive market for the current employees.
Not enough students are currently studying in the cybersecurity field. In my family alone, we have 17 nieces and nephews, and only one is even thinking about going into the field. The labor shortage is compounded by many cybersecurity professionals getting into retirement age, which leaves a massive vacuum.
The high demand for cybersecurity professionals stems from a trend in increasing compliance demands impacting companies. It makes sense for a hospital to go through HIPPA compliance, but now hospitals are extending their compliance to their entire vendor network. If you are an organization that may even remotely touch patient data, you have to follow HIPPA compliance. Compliance and security go hand-in-hand, so organizations are having to staff not just compliance officers but also cybersecurity professionals to make sure compliance is followed – a checks-and-balance system.
[ Are you a DevOps job seeker or a hiring manager? Get our free resource: The Ultimate DevOps Hiring Guide. ]
The competitive market for current employees with experience increases because of factors one and two. Beyond cybersecurity talent, we also find talent that is higher level DevOps or anything virtualization/cloud related in the title to be a tall order.
How I retain the rising stars in my IT organization
A promotion path is critical to retaining good IT talent. As a service provider, we are fortunate that we have an excellent tiering system for IT talent. In the IT industry, people are used to bouncing around jobs, especially in markets that are hot. When a person can see they can grow with a company and new opportunity opens up, it makes a difference in retention.
Most of our new employees who don’t have professional experience start their careers in our Network Operations Center (NOC), hardware department, or help desk. The ability for an employee to grow with the organization, just within NOC, is three tier levels deep. They may start at tier one, taking phone calls and doing basic support, then move to tier two, which handles more complex tickets, then eventually to tier three, which handles engineering responsibilities.
From NOC they can move over to specialized engineering departments such as cloud infrastructure or networking. Within the engineering departments, they have the ability to grow in their multiple tier levels. After engineering, we then have architecture as another growth path. I have also omitted non-technical areas that a NOC person can grow into such as sales engineering or management. There are multiple paths to take forward – and that makes a difference in talent retention.
Bonus tip: Attitude over aptitude
Attitude over aptitude goes a long way. Finding ways of challenging the employee and taking them out of their comfort zone are fundamental. Having someone pick up a new skill set and giving them time to do it are equally important. We find that giving someone the extra time to learn new skill sets and become proficient in them is well worth the investment. Time is definitely a luxury for organizations, but the extra effort pays in dividends.
[ Why is adpatability the new power skill? Read our new report from HBR Analytic Services: Transformation Masters: The New Rules of CIO Leadership ]