ISACA Conference North America 2022 last month featured the launch of ISACA’s new initiative focusing on the pursuit of digital trust, which was a recurring theme throughout many of the event’s presentations. Two speakers, David Foote and Sushila Nair, spoke about the state of the workforce in digital trust professions and about the struggles of employee retention.
What connected them? A focus on humanity.
“Most of the questions I got as an analyst at Gartner prior to starting my own firm were about people,” David Foote, chief analyst of Foote Partners, LLC, said as he introduced his presentation, “Analyst View: A Data-Driven Insider’s Guide to Accelerating CyberSec/Risk/Privacy/Governance Careers.” He emphasized that is it more important than ever to pay attention to the human side of this industry because companies do not realize how disconnected their workers feel.
Most companies assume that in order to retain employees, they must simply offer increasing amounts of money; however, according to Foote’s research, most employees in digital trust and other fields want to feel like they are valued. In fact, 51% of tech workers surveyed said they were willing to sacrifice 5% or more of their pay to be in control of their working hours and location. This echoes a larger sentiment from 87% of surveyed workers, who reported a desire to be in control of their schedules and have their performances measured purely by results. The inability to be flexible with employees’ hours, days, and options to work remotely is just one of the reasons that around six million people have voluntarily left the workforce since the beginning of the pandemic.
In her presentation, “Workforce Transformation: Cloudy Days are Here,” Sushila Nair, vice president of security services at NTT DATA, delved into detail on the current state of the cybersecurity workforce and outlined solutions to increase employee retention.
According to Nair and ISACA’s State of Cybersecurity 2022 Report , 62% of respondents reported that their cybersecurity teams are understaffed; 63% said they have unfilled cybersecurity positions; 55% said their applicants are not well-qualified; and only 30% said their HR departments regularly understand cybersecurity hiring. There is a glaring skills gap present in the industry that needs to be addressed promptly, as Nair highlighted that those who take longer to fill such positions also report more cybersecurity attacks.
How do we solve this skills gap issue? According to Nair, there are three methods: hire the best, upskill current workers, or start from scratch. Technical skills are easier to build than soft skills, but 54% of respondents cited “soft skills”—some of the most in-demand being communication skills, emotional and social intelligence, team spirit, and creativity—as being the largest gap. Utilizing metrics like certifications and self-assessments, Nair encouraged organizations to conduct a skills gap analysis and enable a 70/20/10 model to help foster a culture of learning within companies. This model operates under the assumptions that 70% of learning comes from experience and experimentation, 20% derives from working with others, and 10% comes from planned learning solutions. That is why resources like those that ISACA chapters provide are crucial for success.
Employees also need to have the proper motivation to continue to develop their skills and knowledge; Nair argues that it is crucial to lead by example by rewarding and compensating the behavior that is in line with a learning culture, and to give people a goal to work towards. “If you don’t have a list of goals, how will you reach them?” she posed at the end of her presentation.
Communication remains key, both in digital trust professions and beyond. Nair encouraged organizations to communicate the things they value, including values around learning, from the very beginning in any job descriptions they post. These values should be present in performance appraisals and bonuses, too.
While compensation is not the only aspect of staff retention, it is one of the many layers present. Organizations need to connect with their employees on a human level to understand the kinds of stress levels and workloads they are operating under. Valuing their employees, allowing flexibility in the workplace, fostering an environment where workers are excited to learn, and helping them navigate appropriate workloads are all ways to retain employees in digital trust fields. Nair said, “We have to fund and enable the next generation … so we have enough people to secure the next digital transformation.”