There are a lot of lessons that we can take from the last couple of years, but one of the biggest will likely be the shift in labor market dynamics that has given way to what is increasingly being called the “Great Resignation.” According to the Bureau of Labor Statistics, over 4.4 million employees quit their jobs in September alone. With employee loyalty at an all-time low, the availability of remote work, record corporate profits driving growth despite supply chain shortages, and the ever-present demand for skilled talent, many employees feel that jumping ship is their best chance to advance their career and that now is the perfect time to do so. This provides unique challenges to employers in all sectors, but it is especially acute in cyber security because of the extensively documented skilled labor shortage that leaves millions of senior cyber positions unfilled.
The Great Resignation
What is happening in the labor market has been a significant change to the status quo of the last decade, even if it isn’t quite on par with the labor revolutions at the end of the 19th century. Understandably, there is a lot of mixed messaging on what this phenomenon even is. Some call it a workers’ revolution, a response to decades of mistreatment at the hands of employers who do not respect their employees, whereas most are more likely just taking the opportunity of the current labor markets’ increased demand for skilled laborers to secure themselves a more fulfilling job. Many people came away from the struggle of nationwide lockdowns in 2020 with the realization that they had been working in an unsustainable way, and that there had to be a better way to strike a fulfilling work-life balance. Facing rapidly approaching orders to return to office work, many have chosen instead to look for other opportunities that are more flexible and offer remote work capabilities.
It should be no surprise, then, that the cybersecurity industry is not immune to this trend. Interviews conducted by Security Week indicate that while mass-resignations haven’t been a big problem at the senior levels, they have been a significant problem for CISOs with respect to entry-to-mid level security personnel. One anonymous CISO responded, “Quite frankly, security teams are exhausted. It’s been two years of trying to cope with all the incidents while dealing with mental anxieties from the virus. Of course people are thinking about quitting … If you are in the packet mines, you’re likely exhausted. If you’re in a security program that isn’t supporting you properly, you’re probably already interviewing somewhere else. That’s where we are as an industry.”
The Problem
In a recent poll conducted by Monster, the outlook is grim: 80% of workers don’t think their employer provides growth opportunities, 34% believe that the best way for career advancement is to find a job with a new employer, and 86% of those surveyed believe that their careers have stalled during the pandemic. This points to one of the biggest reasons employees jump ship, which is a lack of growth opportunities. Especially for cybersecurity professionals, stagnation is extremely punishing because most are constantly looking to expose themselves to new technologies to grow their professional capabilities. This question of growth opportunities applies to just about all aspects of employment, such as job responsibilities, promotion prospects, overall compensation, and even in their overall work environment. For employees to feel that it is worth sticking with an employer in the long haul, especially when they hear from industry peers that they can get as much as a 30% pay bump by looking for other opportunities, they need to know that their work has meaning and will have measurable progress toward achieving their personal and professional goals.
Perhaps the second biggest reason that talent has been difficult to retain is employer flexibility. In CBS’s recent 60 Minutes piece on the topic, LinkedIn’s chief economist Karin Kimbrough opined that, “Workers want better pay and benefits, of course, but they’re also demanding autonomy and flexibility, particularly in their work schedules. And employers – large and small – simply have to respond.” Given that many have come out the other side of COVID-19 lockdowns with a new perspective on work-life balance, and particularly with how productive their work can still be in a remote setting, many are craving tothe retain the flexibility afforded to them by the necessities of the pandemic. When employees are given the order to return to the office, many have instead chosen to take their chance on the job market, looking to leverage their way into a more flexible role with equal or even greater pay than their current job.
How we can keep our best
Employee retention is, at the best of times, a fickle endeavor. Even if you are the best employer in the world, there will always be some people you can’t convince to stick around. But with the right employee support network, you can significantly improve your ability to retain existing and even attract new talent.
If everything we’ve talked about above holds true, the two biggest issues that need to be addressed are poor opportunities for employee growth and an inflexible work environment. The first issue is far more complicated than the second, as it requires a shift in corporate culture that allows for employees to expand their horizons over the course of their employment. This doesn’t just mean allowing employees to take on new responsibilities, it means allowing for employees to explore career shifts into other roles, employee development plans to support career goals, opportunities for promotion, and training opportunities to support professional development. For cybersecurity professionals in particular this is absolutely critical, as having the ability to learn the latest trends and technologies is essential to staying ahead of the curve.
The second issue is perhaps the simplest to solve, but it’s still not the easiest thing in the world. Flexibility in the workplace means more than just allowing for employees to telecommute, because it also means empowering employees to create a healthier work-life balance that allows them to combat burnout to ensure long-term performance. Employees want to retain the autonomy over their work environment that they obtained during the pandemic, and skilled employees are far more likely to test the waters of the labor market if they are not afforded that autonomy. Employers need to adapt to the new demands of the labor market, and part of that concession will be allowing for greater flexibility on where, when, and how employees do their work.
Increasing automation in cybersecurity can help in both regards by eliminating repetitive and menial work that staff simply do not find rewarding or that may be unnecessarily taxing. This approach is also advantageous in terms of decreasing the need for a large cyber/IT workforce focused on the mundane. This is a boon for both employees and employers as it has the short-term effect of freeing up employee time to facilitate professional growth in new directions while also having long-term efficiency benefits for the employer.
All in all, the Great Resignation is an ongoing phenomenon that will eventually be a case study in economic journals everywhere. It’s a rapid change from the status-quo of pre-pandemic times, and only the future will tell how long these new market conditions last. In the short-to-medium term outlook, though, there remains a vast disparity in the number of jobs available and workers willing to work them; meaning that at least for the next year, it will be a worker’s market.
