How to Attract and Retain Top Cybersecurity Talent

Deepti Gopal, Director Analyst at Gartner, highlights that the old approach to hiring and retaining cybersecurity talent needs to change and suggests a new talent management life cycle framework for CISOs.

The worldwide dearth of cybersecurity talent has necessitated a shift in approach to talent management for chief information security officers (CISOs). The conventional ways of approaching cybersecurity talent issues, which were primarily reactive and fragmented, are no longer sufficient when it comes to running sustainable and defensible security programs.

To retain and attract top cybersecurity talent, CISOs should consider implementing the talent management life cycle framework, which consists of four phases outlined below.

Recruiting the Right Talent
Organizations must recruit the right talent by creating cybertalent profiles based on the functional needs of the organization and by expanding the talent pipeline beyond IT.

  • Creating Functional Cybertalent Profiles – Talent profiles are an effective way to capture and express the value and vision a role will bring to an organization. Collaborate with recruitment and HR teams to develop job descriptions that prioritize digital competencies over specific technical know-how or credentials. This will help ensure suitable candidates are not discouraged from applying, as well as assist in meeting the organization’s program needs.
  • Expand Candidate Pipeline Beyond IT – Traditionally, cybersecurity leaders have often looked to IT professionals to build their talent pipeline. Their technical expertise serves as a great platform to upskill cybersecurity capabilities. However, acknowledge that there is an abundance of talented and enthusiastic individuals outside of the traditional IT background who could potentially make a great contribution. When partnering with HR teams on recruitment, take the opportunity to emphasize your brand’s persona and reframe it to target security talent.

As cybersecurity is not homogeneous, build a team of individuals who collectively possess the skills and competencies necessary to deliver the security program effectively rather than searching for a copy of a successful long-term high performer. Gartner predicts that by 2026, 60% of organizations will shift from external hiring to “quiet hiring” from internal talent markets to address systemic cybersecurity recruitment challenges.

Renewing the Cybersecurity Workforce
CISOs must take several steps to ensure the continuous renewal of workforce capabilities that support and align with digital business needs.

  • Develop Skills and Competencies – CISOs should strive to sharpen their own expertise as much as that of their teams, to boost their leadership performance. Allocating time and resources for an extensive skills and competencies assessment should be a priority, with a focus on those areas that successful security teams require – be it digital literacy, business acumen or adaptability.
  • Career Planning for Employees – Gartner research shows that the lack of development and career opportunities is one of the top drivers for cybertalent attrition. Leading organizations today put significantly more effort into improving the versatility of their cybersecurity workforce through a systematic talent development strategy that enables continuous learning and career growth.

Long-Term Talent Retention
A positive employee experience contributes to employee engagement, which is key to retention. Understand the factors that impact employee experience and drive employee engagement first. In the next step, develop a total rewards strategy to motivate, reward, and retain employees.

To address the high turnover and changes in employee preference, create an employee value proposition (EVP). An EVP is the set of attributes that the labor market and current employees perceive as the value they gain through employment with the organization. Adopt the “human deal” as a new way of defining and delivering EVP to future-proof the cybersecurity workforce. In addition, ensure that employees feel seen and that their organization values their contributions.

Releasing Employees While Staying in Touch
More than ever, recognize that employees leaving the organization doesn’t necessarily lead to severed ties. Staying in touch through an alumni network will be beneficial for both the organization and the employee. Former employees have a great chance of re-entering the organization as customers, partners, or other personas.

When employees are heard during their time in the organization and during their exit, organizations leave a lasting positive impression. Brand advocacy is greatly enhanced by having a healthy alumni network. Building long-term relationships with existing employees results in business opportunities and referrals.