After certification: Investing in employees' cybersecurity career pathways
If your organization said goodbye to several high-performing employees this past year and you were left wondering why, you weren't alone.
One in four workers quit their job in 2021, creating what many economists have referred to as the "Great Resignation."
While every worker's situation and reasons for moving on are different, there is one common thread for helping employers fight back and stem the tide of their valued employees from following suit: professional development.
According to one survey, 21 percent of employees left their organization due to a lack of career advancement opportunities. In another eye-catching workplace survey, the researchers found that 94 percent of employees would stay longer with their current company if they invested in helping them learn.
Add these trends on top of an already-difficult cybersecurity job market and estimates that note that it can cost organizations 50 percent of an employee's salary to replace them, and you can see why many employers are looking for a better path forward.
These industry trends set the scene for the recent Infosec Inspire session, featuring Mark Cheeks, Director, Cybersecurity, Rotary and Mission Systems, for Lockheed Martin and Leo Van Duyn, Cybersecurity and Technology Workforce Development Strategy, at JP Morgan and Chase Co. they spoke about how cyber career pathways support professional development and reduce churn.
ChatGPT training built for everyone
Certifications are just the beginning of development
While certification programs are a great way to demonstrate an applicant's experience with a specific security domain or skill, employers can also use these formal programs to help shape job roles and career paths.
At Chase, for example, Van Duyn explains how their organization uses certifications to "level set proficiencies" for each job role within a larger cybersecurity job family. This gives employees a way to assess their capabilities within their job roles and a chance to shape their plans for future development.
"With that information, we can then offer them different learning communities that are aligned to those areas to help them develop," notes Van Duyn. Chase then asks employees to "think of which [learning community] is best aligned to you" based on their goals and motivations. "We do this," Van Duyn adds, "because pursuing the one that most aligns to your core goals is the one you're probably going to gravitate to, that you'll be the most successful in."
This can then lead to cross-trained and continuously developing employees and employees who are happier and feel their organizations are investing in them.
Using employee development as a differentiator and motivator
The panelists also noted how their organizations view professional development not just as a budget line item but as a way to help invest in their employees and provide more well-rounded experiences.
At Chase, for example, Van Duyn notes that their employees are encouraged to participate in training, join mentorship groups or attend conferences on topics related to their current role and other career interests or on a new skill that they want to develop.
"The benefit to this is that we can then make educational recommendations based on trends that we see in the data versus just decisions that come from managers," notes Van Duyn.
Similarly, Cheeks noted that he views the act of participating in professional development programs outside of non-traditional learning paths as a great way for businesses to find the right candidates who are either career changers or that come from underserved communities or rural areas.
Ultimately, as Van Duyn notes, it is about "balancing training resources to make sure that we properly support both the development of professionals that really need that specific, specialized training with ensuring that we're offering training that is engaging to people that I would call 'cyber curious.'"
"This balancing act is really the key toward allowing us to find that newer talent that'll help fill that skill gap that everybody's experiencing in the industry right now," Van Duyn emphasized while also retaining those hard-to-find specialists.
Building successful professional development programs: Lessons learned
So what recommendations and lessons learned do the panelists have for other organizations looking to build career paths and boost the effectiveness of their professional development programs?
Find a trusted training and learning management partner
With increasing scrutiny on budgets and an eye toward capturing a return on investment, many organizations can struggle to find the right training provider to support the diversity of their learning goals.
Cheeks and Lockheed Martin found a great fit with Infosec
"With Infosec, we've been able to maximize the bottom line dollars that we have because of the catalog that's provided," notes Cheeks. "The catalog crosses a myriad of different technologies that we currently work within, and it allows us to be flexible and agile in terms of the certifications that may be needed as well."
It is also important to find a partner that can offer your employees various learning options, from self-paced to live virtual learning and instructor-based courses.
"It is also about understanding your budget, too, and how you are going to get the most bang for your buck." Cheeks continued, "And within Infosec, they have a catalog that stays current with the technologies, so it's just a great place for us to use our budget to meet all of our training requirements."
Balance formal training with hands-on experience
Van Duyn also recommends organizations find the time and capacity to add hands-on experience to their training, which is also a "really good way to evaluate their skills."
"Some companies may have their own cyber range or access to virtual environments for you to practice that hands-on-keyboard type approach to developing that skill," Van Duyn notes, "These are things you should consider when you're developing a program because they still need keyboard time to actually develop that skill."
At the same time, both panelists also noted the value that management support plays in giving employees the time and space to learn. As Van Duyn puts it, "It takes the pressure off the employee" that they can pursue training knowing that their work isn't piling up back in the office.
Set clear learning goals for positions and employees
Finally, the panelists emphasized setting clear expectations for both job roles and individual team members.
"If you don't have a clear definition of what role you're trying to develop, you could try using an existing taxonomy to help you describe that language that you need," notes Van Duyn, "or engage with your SMEs during the role definition process."
This includes members of human resources or other business process experts, like legal and talent development, so you have collective buy-in on your organization's expectations for the role.
These expectations can then be aligned to training goals, certification expectations, and other qualities that successful candidates need to bring to the table.
Phishing simulations & training
Bringing it all together
While there is no "one-size-fits-all" approach to professional development and encouraging talented employees to stay, as the panelists note, businesses that focus on their staff's personalities, experiences and goals versus just the task of passing a certification exam will continue to stand out from the competition.
Sources:
- 2021 Workplace Learning Report, LinkedIn
- Business leaders explain how professional development benefits help with employee retention, University of Massachusetts Global
- Essential Elements of Employee Retention, Society for Human Resource Management
- Four Things We Learned About the Resignation Wave–and What to Do Next, Visier
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- After certification: Investing in employees' cybersecurity career pathways
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization