Countering Cybersecurity Turnover: 57 Companies That Do It Best

What does it take to keep highly skilled cybersecurity employees?

Salary and benefits are table-stakes. Challenging work, ongoing training, an opportunity to advance without having to become a manager, and a talented peer group all help companies recruit and retain these sought-after “ninjas”—the individuals who can do what artificial intelligence security tools can’t.

Research from the SANS Institute, a leading information security training provider, has identified 57 government contractors that do a better job of recruiting and retaining high-level cybersecurity professionals, based on the advanced technical certifications held by their employees. (See list below.)

Retaining talented infosec professionals is a major challenge. The non-profit Center for Strategic and International Studies (CSIS), a strategic security think tank in Washington D.C., found that rampant employee turnover has become so “institutionalized” among cybersecurity professionals in Silicon Valley that even companies like Facebook and Google don’t expect to keep their most-talented personnel longer than three or four years.

The SANS report, released Wednesday, builds on the findings of the CSIS study (which was funded by the SANS Institute). Taken together, the research offers some guidance for building IT security teams, whose essential value to businesses and governments grows with each new costly, disruptive, and damaging cyberattack.

Alan Paller, founder and director of research for the Bethesda, MD-based SANS Institute (his picture is at the top of the page), said the follow-up report focused solely on government IT systems integrators “because they compete for government business on the basis of the quality and number of ninjas they can deploy.”

A “ninja,” Paller explained in an e-mail., “is the person who can do the threat-hunting that eludes the [artificial intelligence] AI tools. She/he is the person who fights back against cyber weapons with rapid adjustments to defenses. The AI folks are doing well at replacing the ‘screen watchers’ but are not anywhere near the higher skills—yet.”

He described the report as a “first round,” and indicated the SANS Institute plans to evaluate other types of software companies as well. The 57 companies identified by the SANS Institute are:

Accenture Deloitte ManTech
ActioNet Dyncorp MAXIMUS
AECOM Engility Microsoft
Alion Science & Technology Fluor MCI
American Systems General Atomics Noblis
AT&T General Dynamics Northrop Grumman
BAE Systems General Electric Parsons
Battelle Memorial Institute Harris Corp. PriceWaterhouseCoopers
Boeing Hewlett Packard Enterprise Raytheon
Booz Allen Hamilton Honeywell SAIC
CACI IBM Salient Federal Solutions
CDW ICF International Serco
CenturyLink Intuitive Research and Technology Corp. Unisys
CGI Group Jacobs Engineering United Technologies
CH2M Hill John Snow Vectrus
Cisco KPMG Vencore
CSRA L-3 Communications Verizon
Cubic Corp. Leidos World Wide Technology
Dell Lockheed Martin Wyle

The CSIS report, released seven months ago, cited employment factors that elite cybersecurity experts value most—that is, once their threshold requirement for salary and benefits has been met. These factors also could serve more broadly as counter-measures against rampant turnover among high-level IT employees in general. They include:

—Challenging, high-impact work and a demonstrated commitment and continuing investment in training. (As a result, the most-skilled cybersecurity experts tend to have more professional certifications.)

—Flexible work schedule, and the ability to advance without having to assume management responsibilities.

—In what CSIS dubbed “the Kevin Durant effect,” highly skilled professionals want to work with others whose talent and work they respect. NBA basketball star Kevin Durant ostensibly left the Oklahoma City Thunder last year for the Golden State Warriors so he could play with better teammates and have a better shot at winning the NBA championship.

Bruce V. Bigelow is the editor of Xconomy San Diego. You can e-mail him at bbigelow@xconomy.com or call (619) 669-8788 Follow @bvbigelow

Trending on Xconomy