cyber security jobs have a high turn over, but why?
UnixGuy Mod Posts: 4,505 Mod
edited November 2021 in Cybersecurity
I noticed that the average tenure in cyber security roles in the US is 6-18 months on average (not an accurate statistic, but observational). It's a bit longer in Australia but it's still considered relatively short as well.
I'm trying to understand the reasons behind it, and could come up with a few reasons.
One, Salaries are getting higher so you will be tempted with a higher salary. I'm guilty of this, got 80% pay rise as soon as Covid hit, couldn't say no to it.
But more often than not, I found that Security folks are usually frustrated by management and the work culture and attitude towards security. Here are some things that I observed that led people to quit:
- The job isn't what they were promised: For example they promise you that you will be detecting to and responding to threats, optimising a SOC, etc etc. The job turned out to be escalating tickets to senior responders or simply reading reports from an MSSP SOC (I've seen this scenario with my own eyes, the person quit within 2 months..)
- Security is managed by IT. There is nothing wrong with that in theory, but problems start to happen when IT decides to micromanage security. It's problematic because IT doesn't have the full context of security, IT has different priorities (i.e. availability - keeping lights on), and Security will have a hard time findings vulnerabilities and weaknesses in IT as IT has the final say (again, seen this with my own eyes, security team members started quitting one after the other..).
Can you share why Security people seem frustrated in general and why do they quit in 6-18 months?? Recruitment is expensive and I know companies would like to retain talent, specially when they cry 'talent shortage'
Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE
Check out my YouTube channel: https://youtu.be/ug_ruisDUXc
Forum Admin at www.techexams.net
Regarding the US, I worked at both a telco and regional bank in a four year period and did not recognize the observations you are making. People being frustrated with mgmt, the company's work culture, and/or job not being what was expected is not a cybersecurity phenomenon. These things happen amongst many fields so trying to understand that issue in general makes more sense than trying to focus it on cyber because I do not believe you will reach a different conclusion. I also did not notice the high turnover in either company. In both teams I worked on people had been there for many years. The only reason I left both was because the telco had layoffs (got me) and the bank did not have a presence in my newfound home so no option to simply transfer available. At the bank, security initially fell under IT, but then they moved the CISO from under the CIO to be an equal. But the prior situation didn't have any noticeable issues for us.
Note: my US experience was based in Southern California. Maybe other regions/states were different.
Regarding NL, there are a lot more people coming in and going from my employer, but that is not just cybersecurity. The contract system here is the biggest factor from what I can see. Lots of externals that can only stay for so long. In the case of internals, there is a system where you have to get a permanent contract to remain. If mgmt does not deem you fit for one then you have to find employment elsewhere. Besides that, I see internals moving on for new opportunities and higher salaries instead of leaving over frustration. I have been with the same company for over five years across four departments in five different roles. Each move for me was simply taking advantage of a new opportunity. Never moved out of frustration.
Forum Admin at www.techexams.net