Gideon T. Rasmussen, CISSP, CISA, CISM, MVP
Professional
 
 
Retaining INFOSEC Professionals

Here is a response to one of my contacts who is having difficulty retaining both team leaders and team members. His team is comprised of auditors. However most of the advice pertains to retaining INFOSEC professionals in general.

Best wishes to you and yours in the new year!.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Wellington, FL
gideon@...

http://www.ussecurityawareness.org
http://www.gideonrasmussen.com

Much of this you are probably doing but here goes... I would start by trying to establish comeraderie and esprit de corps with and amoungst your team. Meet with each of them and determine:

* Their current skill set with respect to auditing
* Their career goals over the next year or two (e.g. team leader)
* Their appetite for travel percentage and locations
* Areas of their skillset they would like to improve
* Tools and training they need
* Issues they are facing

Out of these meetings you may be able to better align the desires of the team with the requirements of upcoming audits. Be sure to take some sort of action shortly following the meetings or the team may take them as a form of half-hearted damage control.

Determine a time when all or most of the team will be in town and have a team building event. Ask them what they want to do. Try to include their families. Have the team over to your house. Learn what their personal issues are and be sensitive to them when possible (e.g. a new baby on the way).

Address any issues with reimbursement of travel expenses, inadequate transportation, daily food allowance or lodging. Streamline the associated paperwork, beaucracy and latency in reimbursement of funds. If accounting or office staff is the issue, make sure they and management know it. Fixing issues in these areas are a solid way to show that you are fighting for your team.

If you haven't already, establish weekly team meetings with formal minutes sent via e-mail. Those on the road can phone in or send comments to be read at the meeting in advance. Try to have a meaningful conversation with each team member at least once a week. Two-way communication can help with morale and retention.

Promote some of the current staff to team leader and increase their salary. With the current staffing constraints, it may mean they operationally stay in their current positions but they will see a light at the end of the tunnel. Start newbies as team members. They will see a career path due to recently promoted leaders. Also consider establishing a training program.

Would establishing separate external pen test and on-site units make sense?

Move quickly and decisively. Don't forget to let senior management know of the challenges you are facing and ask for their support and guidance.

Just my $.02.

Posted: Thu Dec 29, 2005 4:47 pm



Copyright © 2002 - 2007 Gideon T. Rasmussen All Rights Reserved.
Legal Notices