I recently had a great time as a guest on the CISO/Security Vendor Relationship podcast with David Spark and Mike Johnson, CISO of Lyft. Part of our discussion focused on the challenges of hiring in the security industry. Whether your perspective is that the shortage is real and growing, or that the surge of interest among college entrants just hasn't yet caught up to the demand, the fact remains that security practitioners enjoy one of the lowest unemployment rates of any career. As a security practitioner that has seen the industry evolve over the past decade, our conversation got me thinking about the driving forces behind this shortfall of nearly three million people.
Often, when we discuss the skills gap challenge in cyber security, we focus on finding talented people. There is also a key challenge in retaining those personnel. A 2018 report from ISC, Hiring and Retaining Top Security Talent, reveals a staggering statistic: only 15% of cybersecurity professionals have “no plans” to leave their current employment. That means the majority of your employees, peers and coworkers are ripe for being poached by another company, or even your biggest competitor. While training, well-defined responsibilities and C-suite transparency are all important measures to improve employee satisfaction, it's clear that security managers need to look deeper if they are to meaningfully combat the retention crisis.
At Endgame, we learned quickly that our employees craved the opportunity to solve hard problems - it's why they joined a startup! - but they needed autonomy to discover new, innovative solutions. As a product leader, permitting autonomy could be considered counterintuitive to shipping features quickly, defining what to do and having it built to spec. However, over and over again it has been proven that empowering our team to find the ideal solution to a customer challenge has led to more customer delight and faster feature delivery.
Attract and hire employees that give a shit
Your company values cannot just be aspirational words on a wall, they need to be the star that guides you in hiring, promoting, and even firing. Unless your values are practiced, they are meaningless. Nearly every organization that has a problem with "churn" has a gap between their aspirational and practiced values. And, it almost always starts at the top.
Living by our values, even when it has not been easy or convenient, is what has led to the fantastic culture at Endgame. From the start, we set out to only hire people who lived up to our company values, the core of which is the title of this section. We've had to make some difficult decisions to stay true to those values - from taking a chance on an untested-but-eager recent graduate to letting go of exceptionally capable players who lacked the right attitude. We strive to find and retain people that are mission-focused, and who care about the customer’s problem more than anything else. Passion is the fuel great products are built upon.
Encourage people to fail
That’s right. Let people know it is ok to fail. Our CEO often reiterates, “failing does not make you a failure,” and I could not agree more. The only way to innovate and wow your customers is to strive for new ways to solve their problems. If you foster a this-must-always-work attitude among your team, you will destroy the spark of innovation inside them. Allow them to fail, and to learn, and to grow. Your customers will thank you for the results.
Lead with the “why”
If you are in a leadership position, you should constantly repeat the “why” behind what you ask of your team. People that give a shit do not want to only be told “how” to accomplish the mission. They want to understand why - the core problem we are trying to solve and how can they contribute to fixing it. When you lead with the “why” you allow your team to help discover solutions you may never have considered without collective brainstorming and you allow them to connect their work directly to the value it brings to customers. The Manager Tools series, Leader’s Intent, does a great job of delving into topics such as these.
When you hire mission-focused people, provide them with the autonomy to solve hard problems, and constantly communicate the “why” behind the ask, you will see your retention rate improve. At Endgame, focusing on these themes has brought our retention rate far above industry average, something we are immensely proud of. These principles not only increase retention, but also increase productivity. When employees feel empowered to make decisions because they understand the "why," work - great work - is completed faster.