author photo
By Bruce Sussman
Fri | Jun 14, 2019 | 3:30 AM PDT

ISACA just issued its 2019 State of Cybersecurity report, and it reveals why cybersecurity professionals are leaving their current roles.

Top 3 reasons cybersecurity professionals quit

The ISACA report found the following reasons IT security pros change companies.

  1.  82% — "Better financial incentives (salary or bonus) elsewhere"
  2.  57% — "Promotion and development opportunities"
  3.  46% — "Better work/culture environment"

With money clearly the dominant reason InfoSec professionals leave a company, ISACA Board Director Gregory J. Touhill says CISOs and business leaders need to double check what's happening within their organization:

"When you consider the 'value at risk' protected by the cybersecurity professional, there is a good case to be made that, in many organizations, the cybersecurity staff is not receiving proper or competitive compensation."

However, Touhill also says leadership should consider the top 3 list above as a package deal.

"For cybersecurity professionals, compensation is more than just making money. It is about being valued. It means seeing the organization demonstrate its commitment to its workforce (and its clients) by investing in the right technology and ensuring that its staff receive continuing professional education paid for by the organization.

It means assigning leaders who understand and appreciate technology’s role in driving business success and sharing the rewards equitably.

The best organizations that I served in made sure staff training was in the budget and that every member of the team knew what we, as an organization, were investing in them. In fact, I received my CISM certification through ISACA thanks to a commitment from my organization. Leadership matters when it comes to retention."

SecureWorld resources for professional development

The ISACA 2019 State of Cybersecurity results show a lack of professional development is the second most significant reason that cybersecurity professionals leave an organization.

And without a big travel budget for ongoing training and development opportunities, you may feel stuck. 

That's exactly why SecureWorld has been "connecting, informing, and developing leaders in cybersecurity" at regional cybersecurity conferences and courses for 18 years now.

Here are some options we offer for you and your team:

  • 1- and 2-day conferences for cybersecurity professionals across North America: these require little or no travel, participants earn 6-16 CPE credits, and acquire best practices they can implement immediately upon return to the office. Here is the 2019 calendar.
  • SecureWorld PLUS courses: These are 4-6 hour courses available online or in person at each 2019 conference. Major CPE credit and relevant topics and highly qualified instructors.
  • Web Conferences available both live and on-demand: SecureWorld offers complimentary web conferences that are approximately 90 minutes in length and offer 2 CPEs each. See current cybersecurity webinar offerings for details. 

Why professional development and cybersecurity conferences matter

So we know that professional development can help with employee retention.

But what is the point of doing this through collaboration at a cybersecurity conference like SecureWorld?

Jimmy Sanders, who is Vice President of Information Security at Netflix DVD and President of ISSA Bay Area, puts it like this:

"Our goal as cybersecurity practitioners is that we’re trying to not only make our companies more secure but the security environment better. I’m involved with SecureWorld because I love organizations that are working with the community and trying to improve cybersecurity as a whole."

Perhaps you or your team will join this movement to help better secure the continent, one organization at a time.