May 6, 2022

Last Updated on January 15, 2024

The ongoing information security talent shortage is as much about retention as it is about hiring. Security pros change jobs at a revolving-door pace.

What’s making good people leave good companies? And how can your company be a place where everyone, not just security staff, wants to stay?

Cyber talent expert Deidre Diamond, Founder and CEO at CyberSN, lays out the problem and the solution on a recent episode of The Virtual CISO Podcast. The show’s host is John Verry, Pivot Point Security CISO and Managing Partner.

Reinforce soft skills

Deidre frames her view of the situation through an 8-step approach to building a more “inclusive” corporate culture where everyone feels emotionally safe.

Step #5 in Deidre’s “inclusivity framework” is: consistent management training.

“Much like hard skills, our soft skills need consistent training,” Deidre underscores. “It takes seven years to develop a new habit. We want these EQ [emotional intelligence] skills to be habitual—having this conversation front and center for managers constantly.”

But finding ready-made soft skills training for managers is easier said than done.

“Few training places is a problem,” Deidre acknowledges. “Myers Briggs, situational leadership… I love them both. Use what we have. Organizations have to care enough to create the management training they need.”

Trust but verify

Along with a plan for learning and reinforcement, even if it’s ad hoc, you need metrics to measure outcomes.

“Trust but verify that this is happening,” Deidre advocates. “What’s the evidence? Are the one-on-ones happening? What type of feedback are you giving your people?”

Where is the safety zone?

Deidre asks a great question: “Where does somebody go when they’re having trouble, or didn’t do win-win well? Do they have support? Is there a way to talk about it and help them do it better?”

Soft skills training isn’t a one-time conversation or workshop; it’s holding the space for doing it consistently. Traditionally, this has fallen under executive training and/or under HR, if it has existed at all. In Deidre’s observation, few departments get this kind of support, even within mature companies.

What’s next?

Ready to listen to the show with cybersecurity recruiting expert Deidre Diamond? It’s available here.

Interested in the first podcast with Deidre and John Verry? You’ll find it here: EP#2 Deidre Diamond – How to Attract & Retain Cyber Talent
