To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.

John Moran, Senior Product Manager, DFLabs

August 1, 2019

5 Min Read

People, processes, and technology: the three most important components of security operations. Processes can be designed and documented, technology can be purchased and implemented, but people are most often the X factor in the equation. If you've worked in security operations, you know that people can make or break a team. An experienced analyst with a continuous drive to learn and an analytical mind capable of investigating complex threats can be worth his or her weight in gold. Compound that with the institutional knowledge gained over years of working within an organization’s infrastructure, and employee retention becomes one of the most critical components of any successful security operations team.

When we talk about the shortage of skilled analysts, the problem isn't a lack of bodies to fill empty chairs; it's the shortage of highly sought-after employees that is most crucial to address. Let’s look at some of the most important aspects of employee retention in a security operations environment and the most effective ways to address them.

Compensation
While compensation may not be the only factor employees consider in their career satisfaction, don't take it for granted. Retaining the best employees requires competitive compensation across the board. Let's start with monetary compensation. Salary is the most obvious form of monetary compensation and should be on par with comparable positions in the industry. However, employees are increasingly focused on other areas of monetary compensation when evaluating their satisfaction. Bonuses, retirement, paid time off, employee perks, and other benefits are highly effective ways to boost satisfaction when a salary increase may not be an option. These methods of compensation can be doubly effective when used as part of a well-planned incentive or reward program.

Advancement
Employees who are driven to succeed and advance are a tremendous asset to an organization, and this attitude should be rewarded with opportunities. Traditionally, advancement was seen as the opportunity to move to a management position. Not everyone aspires to be a manager or should be a manager, but this shouldn't inhibit an employee’s opportunity for advancement. This is especially true in highly technical fields such as security operations, where some employees may wish to simply advance their technical skills, and skill in managing technical problems doesn't always translate to skill in managing people.

Career paths should be defined for those who aspire to advance to management, as well as those who aspire to advance along a purely technical path. These paths should be clearly defined with unambiguous expectations, giving employees a visible route from where they are now to where they want to be.

Training
Training is undoubtedly critical for the organization itself. Technology and the threats we face are constantly evolving, and continuous training is key to remaining ahead of the curve. Aside from the obvious benefits to the organization itself, training can play a critical role in employee retention. Analysts who possess a continuous drive to learn are exactly the kind of employees an organization should strive to retain, and it's critical to feed that drive to learn as often as possible.

Conferences, classes, and events are great ways to continuously educate your security staff. However, these options often come with a high cost and may be an extravagance that an organization can't afford at scale. In these cases, it can be highly effective to use such events as a method of compensation or reward for senior or high-performing employees.

Whether conferences, classes, and events are annual occurrences or out of reach for your organization, providing other methods of education throughout the year is imperative. Chances are, most employees have a unique set of skills and knowledge that other employees can benefit from. Internal training conducted by the organization’s own employees can be a productive way to fill the training gaps and transfer knowledge between team members.

Internal training between groups within the organization is also a proactive way to provide employees with an understanding and appreciation for the roles of other teams and build relationships. Technical exercises and scenarios are a cost-effective way to reinforce technical skills and encourage healthy competition. Subscriptions for online training or education platforms that can be used on-demand are also a good way to feed the minds of analysts.

Environment
We can't all be Google, but there are many environmental factors that can positively affect employee retention short of juice bars and pool tables. Circling back to the beginning of this post for a moment, proper processes and technology can have a tremendously positive impact on the environment. Clear, well-documented processes provide employees with straightforward expectations and stability. Technology, when implemented properly, can significantly reduce the workload and stress level on employees who often work in high-pressure, overloaded environments.

Fostering a collaborative, respectful team environment between all staff members, including management, can have an enormous impact on the efficiency of daily operations, as well as employee retention. This is especially true in security operations, where employees must often work closely with those inside and outside of their respective teams and trust that all team members are performing their tasks effectively.

The physical environment should also be optimized wherever possible; including adequate space, good lighting, collaborative spaces, and proper work areas. In an office environment, this can be easier to achieve. With the increasingly remote workforce in many security operations teams, controlling the physical environment can be much more challenging. Although the physical space may be outside the direct control of management for remote employees, organizations can still ensure that remote employees are properly educated on optimizing their home office and provided with access to the best technology and accessories to make them successful remote employees.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

About the Author(s)

John Moran

Senior Product Manager, DFLabs

John Moran is a product management, security operations, and incident response expert and currently holds the position of Senior Product Manager at DFLabs, where he is responsible for shaping the product road map, strategic planning, technology partnerships, and customer success. He has served as a senior incident response analyst for NTT Security, computer forensic analyst for the Maine State Police Computer Crimes Unit and computer forensics task force officer for the US Department of Homeland Security. John currently holds GCFA, CFCE, EnCE, CEH, CHFI, CCLO, CCPA, A+, Net+, and Security+ certifications.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights