May 5, 2022

Last Updated on January 15, 2024

Even when paid a competitive salary and benefits, many security pros change jobs again within 12 to 18 months.

How can your company rise above the cybersecurity talent shortage? What’s missing from most companies that keeps people looking for something better? And what can orgs do better to retain the people the business depends on?

Cyber talent expert Deidre Diamond, Founder and CEO at CyberSN, explains exactly what’s wrong and how to fix it on a recent episode of The Virtual CISO Podcast. With host John Verry, Pivot Point Security CISO and Managing Partner, Deidre shares her 8-step approach to a more “inclusive” and caring corporate culture.

Kindness, respect and compassion

Step #4 in Deidre’s “inclusivity framework” is: kindness-only culture.

A kindness-only culture upholds core values of kindness, respect and compassion. Starting with managers, people mindfully build the skills and outlook needed to create a work environment where all feel cared for, both interpersonally and around career growth.

Think it’s all ‘kumbaya’? It’s anything but. Kindness and retention go hand-in-hand, even for technical types. But as Deidre notes, it’s hard to find kind corporate cultures.

“Everybody thinks they have a kindness culture but there’s a lot of unconscious bias,” Deidre considers. “A culture that’s positive, doesn’t haze, doesn’t have nicknames, so that everything that comes out of our mouths is kind even if it’s a reprimand or holding someone accountable.”

Kiss kick push

As an example of how to keep a kind mindset even in difficult scenarios, Deidre advocates a “kiss kick push” approach:

  • The kiss is saying something that’s honestly positive (not “blowing smoke”) about the other person
  • The kick is the discussion of what happened
  • The push is the plan for how to improve things

“Even in the worst times when I have to really confront somebody on performance or a situation, the first thing out of my mouth needs to be something that’s more a kiss than a kick or a push,” Deidre explains. “Concepts like this allow us to have kindness be part of our culture even when it’s the hardest. It makes a difference for the recipient if you come at it ‘kiss’ more so than ‘kick.’”

Especially when managers are rated on their ability to apply soft skills like these, results can be dramatic. Teams get tighter, people feel good about coming to work, and retention for everyone improves across the board.

What’s next?

Ready to hear the complete episode with security recruiting leader Deidre Diamond? You’ll find it here.

Trying to loosen the security talent squeeze? Here are more survival tips: Surviving the Cybersecurity Squeeze: Shrinking Talent Pool, Growing Workload
