Filling the Cloud Security IT Skills Gap… and Preventing Attrition

By on May 04, 2016

This blog was written by Brian Dye.

With 500,000 new security threats being discovered every day, and new challenges like cloud and mobile device security whipsawing IT priorities, the need to retain skilled cyber-security pros has never been greater. Unfortunately, competition for those professionals is also at an all-time high.

More than 209,000 cybersecurity jobs are unfilled in the U.S., and the number of postings has jumped 74% percent over the past five years, according to Peninsula Press, a project of the Stanford University journalism program. Demand is expected to grow by another 53% through 2018. And as IT evolves, the skillsets must evolve – meaning this shortage is only doing to get worse.

“If the predictions are even partially true, we’ll be in a world of hurt in our industry if we don’t act now” to train the next generation of cyber security experts, said Christopher D. Young, Senior Vice President and General Manager, McAfee, in a March, 2016 RSA Conference keynote.

Cloud computing, in particular, presents a host of new security issues to IT organizations related to issues such as protecting data, facilitating encryption and security protocols across multiple cloud providers, and negotiating service level agreements (SLAs) that ensure security and compliance. Never before has your cloud security team been more important. Here are a few techniques CISOs can consider.

Bite the bullet on cost. If you want skilled professionals, you have to pay for them. While there is little information available on pay rates for cloud-specific security skills, lead software security engineers earn an average of more than $233,000 annually, according to This makes them the highest-paid line staff in the IT profession. But consider their value. It’s estimated that the average consolidated cost of a data breach is $3.8 million. And that doesn’t account for the massive reputational damage that can accompany such attacks. With dollar values like that at stake, you have a pretty convincing case to argue for budget.

Define career paths. Pay is overestimated as a factor in job satisfaction among knowledge professionals, and security is no exception. In fact, nearly 30% of respondents to the SANS Institute’s 2014 Cybersecurity Professional Trends report listed career advancement as their main goal in pursuing a new position, edging out compensation.

This is where the cloud presents opportunities. With cloud security standards still being defined, your security pros can take on new and critical roles in creating strategies and governance standards for your organization. Your training investments in this area will pay off for your organization as well as your people. Cloud security will also open up new career paths.

Creating well-defined career paths is a good retention strategy in any field. Specify career advancement options, timeframes, and milestones that employees should meet to move ahead. Then deliver on expectations. Technology, and the security field in particular, changes so rapidly that ambitious pros should find plenty of opportunity to grow. The more quickly they advance, the less likely they are to leave.

Offer engaging work. Use the cloud to vary the responsibilities of your star performers by offering assignments in emerging specialty fields like software-defined data center security, hybrid cloud authentication, shadow IT identification, mobile device management, and threat-detection analytics. Engaging workers has been show to help negate attrition, and you’ll have a better chance to stay ahead of the latest changes to the threat landscape.

Assign SMEs. Here’s another tactic: assign individuals to become staff subject matter experts (SMEs). For example, identify a talented pro to become your identity and access management expert, then have him/her brief your leadership on your strategy and/or the steps you’re taking. If you have a chance to present the report to senior executives, who are increasingly putting security front and center, it’s a great way to recognize the contributions of a talented staffer (never mind stress the necessary investment needed).

Encourage collaboration. Security is the most collaborative of all IT professions, with experts freely sharing new discoveries and prevention tactics. Sponsor your best staff to represent your company on committees and local networking groups and to attend and present at conferences. Yes, there’s a risk they’ll be hired away, but your willingness to invest in their visibility is a powerful argument in your favor. In most cases, cloud security requires collaboration with 3rd-party cloud service providers, especially when drafting your SLA – who better to help contribute to the conversation?

Provide training opportunities. The risks that dominate the cyber security field change continually.  Investing in skills development isn’t a “nice to have.” Your best people should be selected for the best training programs. While you might be enhancing their marketability, the more important issue is that you’re protecting your company. There are even new certifications, like Certificate of Cloud Security Knowledge  and Certified Cloud Security Professional, that offer additional room for growth.

Retaining good cloud security employees may not be easy—but the consequences of not doing so are worse.

Read the original post on CSO Online.

About the Author


We're here to make life online safe and enjoyable for everyone.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs