How much turnover in Cyber Security are you seeing at your work place?

Ertaz · May 2018

We've had a few key guys leave out here in the nowhere-midwest for work from home gigs or bigger better jobs in the city. I wanted to poll the TE crowd to see how much turnover you're seeing.

NetworkNewb · May 2018

Not much at my company... Although I work a decent size entertainment company that is located away from the large metro area. Drive to work is awesome and they have really good benefits if you have worked there for awhile. 2 of the security analysts on my team have been here for like 15 years each. (only 4 of us)

cyberguypr · May 2018

Zero in my team. It was just me and another guy 4 years ago and now we are up to 8. We have a great compensation and benefits package on top of mentally stimulating work so I'm sure that helps. Out there in my circles I do see a lot of shuffling and moving around for multiple reasons: better compensation, telecommuting arragements, upward mobility, and others.

Who's moving in your case, Sr/enginner type guys? I understand the locaiton aspect. I for one refuse to work in the burbs/boonies and always seek employment in downtown Chicago.

Ertaz · May 2018

cyberguypr wrote: »

Zero in my team. It was just me and another guy 4 years ago and now we are up to 8. We have a great compensation and benefits package on top of mentally stimulating work so I'm sure that helps. Out there in my circles I do see a lot of shuffling and moving around for multiple reasons: better compensation, telecommuting arragements, upward mobility, and others.

Who's moving in your case, Sr/enginner type guys? I understand the locaiton aspect. I for one refuse to work in the burbs/boonies and always seek employment in downtown Chicago.

Sr. Engineers. 30-40% Salary bumps are nothing to sneeze at I suppose.

TechGromit · May 2018

There's been a bit of movement in my company recently, three people took promotions, one outside cyber security into networking, and the other two into different position within Cyber. A forth person left the company to go work for a startup. Things were pretty stable for the last couple years, it was just recently we had a lot of shuffling around.

gespenstern · May 2018

In my team over the course of the last 3 years 4 persons have left (out of roughly 15), one in India, three in the US. The salaries, benefits and job security are top notch where I work. There's only a few places that pay more and most of them are in NYC/nearby.

gespenstern · May 2018

cyberguypr wrote: »

I for one refuse to work in the burbs/boonies and always seek employment in downtown Chicago.

But why? Can't see any pros here besides there are typically more jobs in downtown so it's easier to land quickly.

jdancer · May 2018

gespenstern wrote: »

But why? Can't see any pros here besides there are typically more jobs in downtown so it's easier to land quickly.

Guessing the OP has excellent commuting options to work. In most major cities, getting around by car blows chunks.

cyberguypr · May 2018

Exactly. I drive only for pleasure and the short commute to train. Also, the city is very alive during the day, which I always found exciting although not enough to live in it.

Chitownjedi · May 2018

Average time here for security resource has been about 8 Months, averaged out over 10 people in the 2 years I've been on-site --- opportunities are abundant for them to move up and out

DZA_ · May 2018

@OP - In my last work place, we had tons of turnover. There were a few of us that got our CISSPs during our careers at this one employer (managed service provider) and we all ended up deciding to leave to other companies in the industry since they couldn't pay us the current market rate. 1 member within our group left within a 2 year time span and the other remaining 2, including myself left within 4 months of each other. At this point, they might have in a ban in place for funding their folks from getting CISSPs.

Ertaz · May 2018

DZA_ wrote: »

@OP - In my last work place, we had tons of turnover. There were a few of us that got our CISSPs during our careers at this one employer (managed service provider) and we all ended up deciding to leave to other companies in the industry since they couldn't pay us the current market rate. 1 member within our group left within a 2 year time span and the other remaining 2, including myself left within 4 months of each other. At this point, they might have in a ban in place for funding their folks from getting CISSPs.

Funny you should mention that. The guy that’s leaving got his cissp/OSCP in the last year. I’m really glad for him. It seems he’s walking into his dream job. It’s funny how MSPs need the guys with certs, but can’t pay them to stay. It’s also the reason that my work will pay for any cert or training, but the CISSP. They say it’s a requirement, but you have to achieve it through self study.

TheFORCE · May 2018

speaking from experience I've averaged 1.5 years in 3 different jobs in the past 3-4 years. My current team though is suffering as we dont have the resources.

LonerVamp · May 2018

I think MSPs really sell their services by tacking on all the certs their employees have. But the work itself is often soul-sucking, so over time, they go off to other gigs doing admin/engi work or something.

Infosec is wonderful, and while we're still coming to terms with what "entry level" is, those jobs that typically fall into that tier are often not terribly exciting or what people think of when they think security. Namely reading logs, classifying alerts, initial troubleshooting of false positives, reviewing vuln assessment reports...

We also have a problem where a lot of bullsh*tters can get by for a while, which promotes the delivery of subpar services and expertise.

UnixGuy · May 2018

I can see why that is!

few months in every job I land, and I get recruiters reaching out to me with better salaries and better titles...sometimes over 20K+ increase in pay...that happened literally yesterday, and my current work place pays above average...

I want to stay here longer because my last job was 12months (not that there is anything wrong with that) but I want a much longer stint here and I would like an internal promotion so I need to say no to recruiters.

The market is good and there is enough demand to keep luring people to move on... (I can't speak for the US though, but it seems similar.)

DZA_ · May 2018

Ertaz wrote: »

Funny you should mention that. The guy that’s leaving got his cissp/OSCP in the last year. I’m really glad for him. It seems he’s walking into his dream job. It’s funny how MSPs need the guys with certs, but can’t pay them to stay. It’s also the reason that my work will pay for any cert or training, but the CISSP. They say it’s a requirement, but you have to achieve it through self study.

Originally when I was studying for my exam, my previous employer didn't want to give me time off or compensate me for writing the exam (when I would pass). Their rationale was that it didn't reflect/contribute to the roles and responsibilities that I was doing at the time.

I ended up taking a day off, passing the exam and resigning the next day to go work for a bigger enterprise which coincidentally was in parallel the same time when I was going for my exam. You would say I've burnt a bridge but at the end of the day, it comes down to how much you value yourself at the company and if they're not paying what you're worth, it's time to move on!

@UnixGuy - What country are you in?

TechGuru80 · May 2018

Definitely a true story....I had a similar situation where I passed the CISSP and couldn’t get promoted after already having a couple years in...I said ok and started looking right away. Companies are insane to not provide training budgets to jobs that literally change all the time and protect their investments...even as little as $3,000 goes a long way if the employee can do for example a SANS work study or OSCP...for both skillsets and keeping employees motivated.

Younger generations especially want to keep learning, and most will start leaving if you don’t invest in them.

iBrokeIT · May 2018

DZA_ wrote: »

You would say I've burnt a bridge but at the end of the day, it comes down to how much you value yourself at the company and if they're not paying what you're worth, it's time to move on!

Sometimes it's unavoidable that you end up being the villain in someone else's story despite your best intentions. Always important to remember it just business and that relationship has to continue to make sense for both parties. You made the right choice.

jelevated · May 2018

Our infosec guys leave regularly and we are having a very hard time hiring competent individuals for mid/senior level roles. Likewise I am being hit up by recruiters and have been flown out for a few interviews. Post CISSP life is grand.

H-bomb · May 2018

We had a good turnover in the past year at my last company (I just got a new job at a different company). I would say probably 10-12 Security guys left within 12 months. These were Jr to mid level people. Nobody had a CISSP, but we were making less than the industry standard.

DatabaseHead · May 2018

TechGuru80 wrote: »

Definitely a true story....I had a similar situation where I passed the CISSP and couldn’t get promoted after already having a couple years in...I said ok and started looking right away. Companies are insane to not provide training budgets to jobs that literally change all the time and protect their investments...even as little as $3,000 goes a long way if the employee can do for example a SANS work study or OSCP...for both skillsets and keeping employees motivated.

Younger generations especially want to keep learning, and most will start leaving if you don’t invest in them.

IMO Management see it as a catch 22. If you train them and spend big bucks on them this will empower them and give them an avenue to leave. Whereas if you silo them into one / two roles and keep them niche they will have a harder time finding a new position..... Couple this will paying them well and rewarding them in other facets, such as bonuses and paid time off you get to keep your great employees and you mitigate them from leaving.....

TechGromit · May 2018

UnixGuy wrote: »

few months in every job I land, and I get recruiters reaching out to me with better salaries and better titles...sometimes over 20K+ increase in pay...that happened literally yesterday, and my current work place pays above average...

Contract work or Full Time Employee? Can can see contract work easily paying more, but the benefits and job security are lacking.

UnixGuy · May 2018

TechGromit wrote: »

Contract work or Full Time Employee? Can can see contract work easily paying more, but the benefits and job security are lacking.

I've always done full-time, and the positions I get contacted for are full time as well

Ertaz · May 2018

UnixGuy wrote: »

I've always done full-time, and the positions I get contacted for are full time as well

I get contacted for full time work, but it's always relo dependent. Apparently they don't think I can do the job from my basement...

Pfft... their loss.

ThePawofRizzo · May 2018

While I don't work in our corporate IT Security dept., it is only three guys, and the junior was just hired.

From a couple recruiters in this area that I've visited with (coming to see my manager to look for placements, not because I was looking for work) have said IT Security is pretty strong in this area, so I suspect someone with some experience would have some options.

olaHalo · May 2018

I work at an MSSP. We have very high turnover.

BillHoo · May 2018

In the DC Metro area there is high demand for Cyber Security guys.

Current White House has increased support for Cyber. Previous IT jobs, I'ves stayed 5 to 10 years. Lately, there are just too many good offers to NOT leave a job. Nothing wrong with the work environment or people... It's all about the money and what drives it is the high cost of certifications.

How much turnover in Cyber Security are you seeing at your work place?

Comments