Cybersecurity workers, the main line of defense against increasing threats from hackers, are mostly dissatisfied with their jobs, according to a new survey.
The vast majority of U.S. cybersecurity workers—more than two-thirds—would not recommend their current employer to a peer, according to a recent survey of professionals by research firm IANS and the cyber recruitment firm Artico Search.
U.S. cyber defenders are not just unhappy; around half of all employees from department heads to lower middle managers are considering leaving for another business within a year. The survey received responses from more than 500 security workers ranging from department heads to early-career professionals in the U.S. and Canada.
What’s more, employee dissatisfaction comes at a time where labor shortages in the cyber workforce means businesses and government agencies are having to make do with less reliable infrastructure. Cybersecurity workers can be thought of as the white blood cells of the digital economy—the less there are of them the more likely a system will be infected.
Cyber pros often must take on more responsibilities in an ever-changing threat environment without additional resources or compensation. Seasoned workers aren’t expecting that to change anytime soon since workforce shortages are a long-standing issue within the field and many security personnel must wear many hats, said Nick Kakolowski, senior research director at IANS.
“Security personnel are burnt out, but it’s universal,” Kakolowski said. “They know they’re going to get burnt out at the next job too.”
Steve Martano, executive cyber recruiter at Artico Search who also works at IANS, said that the reason for dissatisfaction is often the combination of being overstretched and overworked, while also not advancing career-wise.
To increase job satisfaction, corporate leaders should find ways to attract new talent and retain current employees. Otherwise, the musical chairs and staff shortages leave companies “susceptible to poaching by competitors,” Martano notes in the report.
One way organizations can maintain stability while supporting growth is aligning the career goals of star employees with business needs, and vice versa. Businesses should identify what those star employees are proficient at and what they want to be proficient at. Then, the company should follow up by investing in those areas.
“By aligning professional development initiatives with the key experiences that contribute to success, organizations can empower their staff to excel in their roles and drive meaningful contributions to the security function,” the report said.
Wanted: remote work and job satisfaction
Bob Maley, chief information security officer at the cybersecurity firm Black Kite, says that most cybersecurity professionals are ambitious and driven. Employers looking to find top talent at industry events and conferences or by talking to recruiters should look for potential employees that crave constant learning and have a genuine passion for the field.
“[Cybersecurity professionals] want to learn and grow, and they want to feel like they’re making a difference,” Maley said. “When they feel stuck in a role with no opportunity for advancement, it can be very demotivating.”
The report notes that the highest portion of workers dissatisfied with career progressions are department heads. More than half indicated they planned to change jobs within 12 months.
Lower-ranking employees were only slightly more positive. Forty-six percent of middle management and 40% of functional staff were also considering a near-term change.
“These findings suggest that while people are being promoted to higher-level roles, they often feel impatient and believe they are ready for the next step—typically the CISO role for functional department heads,” the report notes.
For smaller companies looking to compete with or draw talent away from Fortune 500-level businesses, Maley had a few recommendations. He suggested that they start mentorship programs, offer training and education reimbursement, and provide leadership training—all of which can help employees advance their careers.
Artico’s Martano said additional opportunities can arise from reducing the separation between cybersecurity and business operations while enhancing employees’ management, leadership, and communication skills in a field typically dominated by technical expertise.
“We’re still in an environment where technical skills are highly-regarded earlier in mid-career,” Martano said. “But there comes a point for somebody to make that shift to director, [vice-president] level and up they need to become more business-centric, and that’s where we’re seeing a big gap.”
As employees advance in their careers, their recommendations can benefit the business in the long run, Martano noted. Cybersecurity professionals who have positive experiences are more likely to refer others to the company.
“The next role might not be at your company but that’s the right thing to do,” said Martano.
The report also found an almost $60,000 salary gap between cybersecurity workers in different geographic regions. Those on the East and West Coasts earned more than those in the central and southeast regions. While not all businesses looking to hire top talent can match the salaries on the coastal tech hubs like San Francisco or New York City, they can still entice and hold onto top talent, said Maley. Focusing on a positive company culture and offering work-from-home can help, he said.
The survey found that cybersecurity professionals overwhelmingly preferred remote or hybrid arrangements, meaning that any shifts back to the office “in this talent-scarce field risks disengagement, increased turnover, and recruitment difficulties,” the report noted. Just 1% of respondents said they preferred onsite roles.