What a Departure Email Can Teach Us About Security

When someone leaves their job to pursue other opportunities, we often receive an email about their departure. Many times, the departure email praises the person who has given notice. This would seem to be a courteous tradition when someone leaves.

If an organization has attrition under control, people don’t leave all that often. Regardless of how often someone resigns, departure emails do bring to light a common problem in our field.  Of course, it is kind to send someone off with praise and wish them well. There is, however, another side to departure emails that many of us don’t consider.

How often do we see emails praising people who have chosen to stay with the team?  How often do those people who continue to work hard and go above and beyond for the organization receive praise (via email or otherwise)?  If we only praise people when they leave, how exactly do we plan to motivate people or encourage them to stay?

On this topic, I’d like to offer five ways in which praise can improve an organization’s security posture:

1. Morale: Management, even when well-intentioned, can sometimes create an environment of negativity without realizing it. Seeing that a mistake has been made or will soon be made is an important part of being a manager. In those instances, the manager has an obligation to point out the issue respectfully and professionally, and then assign one or more people to the task of correcting it. So what is the problem here you ask?  Think about it from the perspective of the employee.  If managers only point out work that needs correcting and don’t make the effort to point out the positive, all the employees hear about from management is that they’ve made mistakes or that their work needs course correcting. Without positivity and praise to go along with the constructive criticism, the employees can wind up feeling like management isn’t happy with them or that their contributions aren’t being noticed. That isn’t a great state to be in, though the good news is that it is easily corrected with a few compliments.

2. Retention: According to various different studies, an employee’s manager is the number one contributing factor to whether they stay or go.  Granted, there are many elements influencing an employee’s decision around whether or not to resign. Nonetheless, the manager is one of the most central and important factors. As such, a few kind, warm, and sincere words that notice the employee and the employee’s contributions go a long way towards helping retain quality employees.  Managers that take the time to notice and comment on good work, get to know their employees, learn about their families and friends, discuss issues that are important to them, listen to what they do and do not enjoy about the work environment, and other points generally have a much better retention record than those that do not.

3. Motivation: Picture someone that you like and care deeply about. If they asked you to drop everything and help you run an errand, do a chore, or move a sofa, would you do it? Now picture someone that you don’t particularly care for. Would you help them? Regardless of how you answered these questions, I think you understand my point. Most employees are quite happy to work hard for and go above and beyond for managers that they believe truly care about and look out for them. If, as a manager, you care about your employees, it will help with productivity. Be careful to be sincere about it though – many employees can see right through fakeness, and it often backfires.

4. Trust: As security professionals, we are well aware of the fact that security is a profession built on trust. Whether it is trust that bonds the team, trust that helps us engage stakeholders within the business to better secure it, trust that helps convince leadership that we are appropriately protecting the enterprise, trust that helps us maintain the approval of customers and partners, or otherwise, our success as security professionals depends on it.  Have we ever taken a step back, however, and thought about the different elements that go into building trust?  There are many, though praise is an important one.  If those we work with understand that we appreciate them and their efforts, it goes a long way towards building trust and buy-in.

5. Development: If you weren’t already aware of the importance of praise in security, perhaps you are now. But are you aware that praise also benefits us and our careers as security professionals? Learning to praise others sincerely is great for one’s career. When we remember to praise people and efforts we are proud of and happy with, people notice. They begin to think of us as happier, more positive, and yes, more capable people. It is not hard to see how this can very easily translate into a very good thing for our respective careers.

How often do we make sure to praise people’s actions that we like?  How often do we take the time to let our co-workers know that we appreciate their work and their contributions? If we did so more often, we might hear of their departures less.