May 6, 2022

Last Updated on January 15, 2024

If cybersecurity is such a great profession, why do people job-hop so much? Is it all about money and benefits?

Definitely not, explains cyber talent expert Deidre Diamond, Founder and CEO at CyberSN, on a recent episode of The Virtual CISO Podcast.

As an industry leader seeking to reform hiring practices, Deidre has a clear view of the cybersecurity talent retention problem. And she has invested years of focus to develop proven solutions.

Got measurable agreements?

Deidre enumerates 8 steps to creating an emotionally safe workplace that supports career and personal development—what she calls an “inclusive” corporate culture.

Step #6 is: Roles and responsibilities are clearly defined and measured.

Everybody knows this is important. But it’s often skipped because it takes time and analysis, not just guesswork. As a result, failure to create measurable agreements is a major contributing factor in a very high percentage of work clashes.

“The number one issue when there’s a conflict or problem, almost always in an organization it’s who was responsible for what,” observes Deidre. “Or overworking somebody because you don’t really know what they do.”

“Let me guess… You didn’t have a measurable agreement. It’s constant,” Deidre quips.

Free help from CyberSN

Some job performance is much harder to measure than others. The more challenging scenarios take more time and effort to map out.

CyberSN has job description templates available free of charge online for anyone to use. Even as a starting point, they can help with defining roles and responsibilities.

Transparency is key

What if your company is growing so fast that some people’s job descriptions are a work in progress? So be it; just be transparent about it.

“When you don’t have the ability to fully define somebody’s job because you’re growing so fast, tell them that,” counsels Deidre. “Get together. Put it in the calendar. Keep defining and defining as they’re getting their feet under them over three to six months. We’re having the conversation, we planned it… It’s not like I didn’t have the conversation and just left them hanging.”

Mind the time

Making measurable agreements applies not only to roles and responsibilities but also to how much time someone is responsible for spending on a project or task.

Then, once you’re in “project mode,” what are the delivery dates? Deidre recommends encouraging people to speak up as soon as it’s clear they won’t or might not hit a delivery target.

“First, it’s making measurable agreements. Then it’s managing measurable agreements—and teaching others how to do it as well as doing it ourselves,” says Deidre. “Dates and schedules have to change. But doing it at the last minute, after you’re known for a while… People see that stuff. You lose credibility as a manager if you do that.”

The key to operations

Setting clear expectations. How important is it?

“It’s the key to operations, bottom line,” Deidre declares.

It’s key to retaining good security people, too.

What’s next?

The podcast episode with cybersecurity hiring expert Deidre Diamond from CyberSN is available here.

Don’t miss the first podcast with Deidre and John Verry, available here: EP#2 Deidre Diamond – How to Attract & Retain Cyber Talent
