Andrea Little @Limbago from Endgame conducted a very insightful research in this area.
In August and September, I surveyed over 300 security professionals, with three-quarters having worked in the field over five years, and 35% over 11 years. Their responses highlighted three key factors that have the greatest impact on retention: a lack of well-defined career paths, stress and burnout, and a need for cultural change across the industry. Without these, no matter how well we fill the pipeline, the skills shortage will only grow.
Cybersecurity jobs are too important to the economy, national security, and businesses to lose our best talent over preventable challenges. Fortunately, this mission is one of most important factors for security professionals and is a great competitive advantage for the industry. With a concerted effort to make professional lives better, we can funnel the talent pipeline into long term, productive, and satisfying careers that tackle one of the most important, dynamic, and impactful challenges of our time.
Cybersecurity workers are in high demand, and the security industry may face a shortage of close to two million qualified personnel by 2022. That’s concerning giving the increasing number of cyber attacks we’re witnessing. But what’s more concerning is that, according to recent research I conducted, the problem is not only attracting talent to cybersecurity, it’s retaining that talent. A large number of people are leaving the industry and not returning to it due to a lack of direction, burnout, and a toxic culture that can include discrimination or harassment.