Connect with us

Hi, what are you looking for?


Email Security

Two-thirds of IT Employees Are Ready to Walk Out the Door: Survey

Survey Shows IT Security Pros Aren’t Getting the Business Expertise Skills They Need at Their Current Companies…

Survey Shows IT Security Pros Aren’t Getting the Business Expertise Skills They Need at Their Current Companies…

With information security initiatives becoming more prominent in organizations, now is a good time to be an IT professional. However, organizations who don’t invest in their personnel run the risk of their experts moving elsewhere.

IT professionals are noticing a significant change in how they are regarded within their organizations, according to the latest research report from Wisegate, a private practitioner-based IT research services group. Instead of being treated as a nuisance or necessary evil, IT is increasingly being integrated into and respected by the business, according to the respondents—senior IT practitioners across a variety of industry sectors—who participated in the Wisegate survey.

IT Security Skills TrainingBut there is a gap somewhere, as many of the 362 IT professionals surveyed were looking for opportunities outside their organizations. Almost half of the respondents felt their organizations did not offer the opportunities they needed to advance in their careers. Two-thirds of the respondents said they expected to move on to another organization within the next two years. Respondents weren’t just anticipating events beyond their control, as nearly half said they wanted to move within the year.

“The fact that two-thirds of the IT employees are waiting to walk out the door is a far bigger risk [for organizations] than the next cyber-attack or a data breach,” Sara Gates, founder and CEO of Wisegate, told SecurityWeek.

A Good Work Environment

Security practitioners aren’t looking elsewhere because their organizations were ignoring their concerns or downplaying the importance of security. In fact, 72 percent of Wisegate respondents said their organizations took IT “very seriously” or “somewhat seriously,” according to the report. What was even more significant was the fact nobody reported “not at all seriously” to this question, the report’s authors noted.

“This makes particular sense considering the shadow recent high-profile IT security incidents have cast, as well as the growing importance of mobile, apps and cloud as key business decisions that rely on IT to be successful,” the authors wrote.

A little under two-thirds of the respondents said processes at their organizations were “somewhat flexible” or “somewhat rigid,” according to the report. This means the IT processes aren’t treated trivially, nor are they “cast in stone and impossible to change” when necessary. This kind of environment “is actually ideal for IT professionals as they work to ensure stability and order at their places of work, even as technologies and new risks require them to frequently adapt,” the authors concluded.

Advertisement. Scroll to continue reading.

“Business perception of IT security is at an all-time high, making security professionals more valuable on the market,” Gates said.

Soft Skills Wanted

IT professionals are discovering their place in the business, their ability to affect the business, and their career options are changing. However, only 34 percent felt there were opportunities to advance in their current organizations, and 47 percent felt they would have to “leave my current company in order to move up the ladder,” according to the report. And lest anyone accuse these professionals of chasing a bigger paycheck, respondents to the Wisegate survey ranked “more money” sixth out of a list of eight reasons to move.

Instead, the Wisegate participants were interested in having more opportunities to learn, facing challenging work opportunities, and receiving positive feedback from the business side of the organization. IT professionals recognize they have to develop the soft skills necessary to work effectively with their non-IT counterparts.

Organizations interested in retaining their security staff need to look at the talent pool in a smarter way, Gates said. Developing technical skills, while important, is no longer enough. Programs focusing on soft skills such as effective communication, presentations, and negotiation are important. Organizations also need to open up internal opportunities to grow and advance. These security practitioners were “very focused on the [soft] skills they need; they are self-aware,” she said.

There is no need for the “lens of fear,” or worrying that investments would be wasted because the practitioners are going to leave anyway, Gates suggested. Since investments accumulate, organizations can spread out initiatives over a five-year program. One or two changes each year will be more effective than trying to throw together a lot of programs with varying levels of effectiveness. “It’s time to ask, ‘What’s the one thing you need to grow in your career?’ We need to build relationships,” Gates said.

The report was very clear: IT security professionals aren’t getting the business expertise skills they need at their current companies and positions, and are therefore looking elsewhere. IT professionals are in the position to gain and exert influence within their companies, and the way to stop the security exodus is to provide those opportunities internally.

“As their ability to interact grows, this can only be good for the business,” the report concluded.

The full report is available online (PDF) from Wisegate.

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.