1 00:00:00,05 --> 00:00:01,09 - [Narrator] All right, folks. 2 00:00:01,09 --> 00:00:06,01 So far we've focused a ton of energy on hiring. 3 00:00:06,01 --> 00:00:08,00 But what about retention? 4 00:00:08,00 --> 00:00:11,06 Fact is, we've reached a point in the cybersecurity industry 5 00:00:11,06 --> 00:00:14,04 where retaining talent is almost as challenging 6 00:00:14,04 --> 00:00:16,01 as hiring talent. 7 00:00:16,01 --> 00:00:18,09 We'll focus on some specific retention strategies 8 00:00:18,09 --> 00:00:20,01 in later chapters, 9 00:00:20,01 --> 00:00:23,02 but before we go down the path of all the things we can do 10 00:00:23,02 --> 00:00:25,01 to retain our employees, 11 00:00:25,01 --> 00:00:27,05 let's chat about why retention is important. 12 00:00:27,05 --> 00:00:29,08 Why do we even care? 13 00:00:29,08 --> 00:00:31,03 Remember the questions I posed 14 00:00:31,03 --> 00:00:33,06 at the beginning of the course to keep us grounded 15 00:00:33,06 --> 00:00:36,05 and focused on the team's desired outcome? 16 00:00:36,05 --> 00:00:37,07 Of course you do. 17 00:00:37,07 --> 00:00:40,05 But I'll remind you, just in case you forgot. 18 00:00:40,05 --> 00:00:45,09 The first is, what is the top priority of my security team? 19 00:00:45,09 --> 00:00:49,04 And the second is, what are the team's high level roles 20 00:00:49,04 --> 00:00:51,01 and responsibilities? 21 00:00:51,01 --> 00:00:53,01 Now why did I bring that up? 22 00:00:53,01 --> 00:00:56,03 The reason we always want to refer to these two questions 23 00:00:56,03 --> 00:00:58,06 as security leaders is that it will remind us 24 00:00:58,06 --> 00:01:01,04 of why we exist and why our teams exist 25 00:01:01,04 --> 00:01:04,06 and help guide our decisions a bit. 26 00:01:04,06 --> 00:01:06,03 All right, good talk to you. 27 00:01:06,03 --> 00:01:09,09 But how exactly does this relate to retention? 28 00:01:09,09 --> 00:01:11,08 I'm so glad you asked. 29 00:01:11,08 --> 00:01:14,02 You really do ask all the great questions. 30 00:01:14,02 --> 00:01:16,03 Now I have one for you. 31 00:01:16,03 --> 00:01:19,06 What is the overall mission of your security team? 32 00:01:19,06 --> 00:01:24,03 I'll pause for a moment and let you think about it. 33 00:01:24,03 --> 00:01:25,05 Okay. Time's up. 34 00:01:25,05 --> 00:01:28,00 Now I obviously can't hear you, 35 00:01:28,00 --> 00:01:30,09 but I'm guessing your answer was something along the lines 36 00:01:30,09 --> 00:01:33,09 of reduce the organization's cyber risk, 37 00:01:33,09 --> 00:01:37,05 or maintain regulatory compliance, 38 00:01:37,05 --> 00:01:38,08 or respond to threats 39 00:01:38,08 --> 00:01:41,00 within the organization's infrastructure, 40 00:01:41,00 --> 00:01:43,04 improve the organization's security posture 41 00:01:43,04 --> 00:01:44,07 or something similar. 42 00:01:44,07 --> 00:01:48,01 Right? Okay, one more question. 43 00:01:48,01 --> 00:01:49,05 Think about your response 44 00:01:49,05 --> 00:01:52,03 and the example responses I just provided. 45 00:01:52,03 --> 00:01:55,01 What do they all have in common? 46 00:01:55,01 --> 00:01:58,08 The answer is all these missions 47 00:01:58,08 --> 00:02:02,02 or security program outcomes are continuously developed, 48 00:02:02,02 --> 00:02:06,00 monitored, measured and modified, 49 00:02:06,00 --> 00:02:10,02 so improvements occur over time. 50 00:02:10,02 --> 00:02:12,03 Tying this back to retention, 51 00:02:12,03 --> 00:02:15,07 the longer an employee remains on your security team, 52 00:02:15,07 --> 00:02:18,05 the better they understand business requirements, 53 00:02:18,05 --> 00:02:23,00 internal processes, technology solutions and so on. 54 00:02:23,00 --> 00:02:25,08 They also have historical context regarding things 55 00:02:25,08 --> 00:02:28,01 like why certain decisions were made, 56 00:02:28,01 --> 00:02:32,02 legacy technology, retired solutions and processes, 57 00:02:32,02 --> 00:02:34,06 lessons learned, et cetera. 58 00:02:34,06 --> 00:02:37,08 As we all know, context is critically important 59 00:02:37,08 --> 00:02:39,05 in the world of cybersecurity. 60 00:02:39,05 --> 00:02:42,00 The more detail or experience we have, 61 00:02:42,00 --> 00:02:44,06 the better our decisions become. 62 00:02:44,06 --> 00:02:48,07 This perspective makes long term employees invaluable 63 00:02:48,07 --> 00:02:51,06 and should therefore place employer retention at, 64 00:02:51,06 --> 00:02:53,01 or very near, the top 65 00:02:53,01 --> 00:02:56,01 of every security leader's priority list. 66 00:02:56,01 --> 00:02:57,07 When you lose a resource 67 00:02:57,07 --> 00:03:01,04 that has been a strong member of the team for several years, 68 00:03:01,04 --> 00:03:06,01 your ability to mature or improve takes a hit. 69 00:03:06,01 --> 00:03:09,05 Your security program either takes several steps backwards 70 00:03:09,05 --> 00:03:12,06 because you had to start over with a brand new resource 71 00:03:12,06 --> 00:03:15,05 or at the very least is at a standstill 72 00:03:15,05 --> 00:03:17,01 while you bring an internal resource 73 00:03:17,01 --> 00:03:19,06 up to speed to assume a new role 74 00:03:19,06 --> 00:03:22,02 and or take on additional responsibility. 75 00:03:22,02 --> 00:03:25,01 It is much easier to retain your top mid 76 00:03:25,01 --> 00:03:26,04 to senior level talent 77 00:03:26,04 --> 00:03:28,08 and snap in new junior resources 78 00:03:28,08 --> 00:03:32,03 to handle simple non-critical tasks 79 00:03:32,03 --> 00:03:36,01 than it is to snap in a new, mid to senior level resource 80 00:03:36,01 --> 00:03:38,09 that will need to do a great deal of catching up 81 00:03:38,09 --> 00:03:40,06 before they can begin to take on 82 00:03:40,06 --> 00:03:43,06 highly complex, business critical initiatives. 83 00:03:43,06 --> 00:03:45,09 Not to mention, we've already discussed 84 00:03:45,09 --> 00:03:49,01 how challenging it can be to hire talent at this level, 85 00:03:49,01 --> 00:03:51,03 so we probably want to avoid that. 86 00:03:51,03 --> 00:03:53,01 Now that we're aligned on the problem, 87 00:03:53,01 --> 00:03:54,09 let's jump over to the next section 88 00:03:54,09 --> 00:03:57,00 where we'll begin to unpack the solution.