I noticed that the average tenure in cyber security roles in the US is 6-18 months (not an accurate statistic, but observational). It's a bit longer in Australia, but it's still considered relatively short as well.
I'm trying to understand the reasons behind it, and I could come up with a few.
One: salaries are getting higher, so you will be tempted by a higher salary. I'm guilty of this: I got an 80% pay rise as soon as Covid hit and couldn't say no to it.
But more often than not, I found that security folks are usually frustrated by management and by the work culture and attitude towards security. Here are some things I observed that led people to quit:
- The job isn't what they were promised: for example, they promise you that you will be detecting and responding to threats, optimising a SOC, etc. The job turned out to be escalating tickets to senior responders or simply reading reports from an MSSP SOC (I've seen this scenario with my own eyes; the person quit within 2 months).
- Security is managed by IT. There is nothing wrong with that in theory, but problems start to happen when IT decides to micromanage security. It's problematic because IT doesn't have the full context of security, IT has different priorities (i.e. availability, keeping the lights on), and security will have a hard time finding vulnerabilities and weaknesses in IT as IT has the final say (again, seen this with my own eyes; security team members started quitting one after the other).
Can you share why security people seem frustrated in general and why they quit within 6-18 months? Recruitment is expensive, and I know companies would like to retain talent, especially when they cry 'talent shortage'.