Skip Navigation
BlackBerry ThreatVector Blog

The Great Resignation (in Cybersecurity)

By now you may have heard of the “Great Resignation of 2021.” Essentially, this recognizes that resignations across a wide range of industries (including cybersecurity) are at levels not seen in a very long time. According to the U.S. Bureau of Labor Statistics, 4.4 million people resigned in September 2021 alone, which constitutes 3% of the entire American labor force. While no industry or organization is immune to churn, the cybersecurity industry is particularly vulnerable to it, due in large part to the pre-existing shortage of skilled workers in the field.

In this article, we will discuss some of the possible reasons for the exceptionally high churn in cybersecurity and potential solutions that exist. 

The Bureau of Labor Statistics indicated U.S. workers set another new record for quitting their jobs (Source: Washington Post)
 

Contributions to Cybersecurity Resignation

As cybersecurity consultants, we have the advantage and privilege of speaking to many organizations about their challenges, and the latest trend seems to be employee turnover. There isn’t a single reason for this phenomenon, but most likely the culmination of multiple reasons which include:

  • Psychological need for change and freedom – Let’s face it, COVID-19 has been tough on the human psyche. People feel the need to exercise control over areas in which they have it and sometimes this results in a change in career or employer.
  • Pre-existing negative unemployment rate – Even prior to the pandemic, there were not enough skilled resources to cover available jobs. Imagine the game of musical chairs, however instead of n-1 chairs, we have three million more chairs than people. This naturally provides plenty of opportunities for someone to find another chair.
  • Work from anywhere – While many in the cybersecurity field could already work remotely, this trend has dramatically increased post-pandemic. The number of chairs in our example above is plentiful, but all were not previously available based on job location. Now there are many more chairs to explore due to the new work-from-anywhere environment.
  • Burnout from short-staffing is real – Existing staffing shortages are (ironically) a self-perpetuating problem, where an overworked workforce leads to more burn out, resignations, and increased staffing shortages. Start anywhere on the treadmill below and you can easily continue the cycle.
The cycle of staffing shortages 
 

The Great Reset

Now that we know some of the causes, how do we fix or start to minimize the effects? Here are some ideas:

  • Employee perks and conditions – This is easy to state, but not always easy to put in place. There can be challenges with implementing a 100% work-from-anywhere policy or salary bumps for everyone. However, there are small things we can all do, such as remembering to recognize contributions, sending thank you notes, giving extra days off when possible, and trying to reduce work-related stress. The goal is to build a culture of teamwork and appreciation.
  • Openness to career change / junior hires – One side effect of The Great Resignation is that many people are changing career fields. Some of those individuals may not have the exact background you are seeking, but are hungry to learn. If you have a training program in place, consider trying to find and hire those with a thirst for knowledge. 
  • Automate the mundane – Few humans like repetitive tasks, so try to automate as much as possible. This applies to cybersecurity challenges (events, alerts, incidents) and beyond (purchasing, hiring, and other activities that require multiple steps and approvals).
  • Artificial intelligence / Machine learning – A force multiplier can be applied to cybersecurity challenges (such as malware detection, continuous authentication, etc.) and other areas of the business. Using artificial intelligence and machine learning can reduce the workload of your overworked cybersecurity staff, and also keep them focused on tasks that require human intervention. 
  • Staff augmentation and professional services – If you don’t have the in-house staff, reach out to partners to see if they can help meet your needs. There may be some upfront costs for professional services or staff augmentation, but selecting a partner with the proper skillset can help offset costs with improved efficiency.
  • Managed Detection and Response (MDR) – Consider offerings that can scale far beyond performing this task yourself: There are teams of people ready to step in, with tried and tested processes and technologies designed for efficiency in protecting workforces that range from hundreds to thousands of employees. When compared with implementing the same capabilities in-house, MDR is almost always the most cost-effective solution.

Concluding Thoughts

While the cybersecurity industry navigates the ongoing effects of The Great Resignation, all hope is not lost. Seek opportunities to improve the internal issues that may be causing valued employees to leave, and consider leveraging some of the recommendations made in this article. Preventing all churn is impossible, but there should be a leveling off over time. In the meantime, having a plan to minimize the effects of resignations can help keep your organization secure, and reduce further burn out in your existing workforce.

BlackBerry Can Assist

If you are looking to establish a professional services or MDR relationship for your organization, please contact us so we can help with your Managed Detection and Response (MDR) or other professional services needs.

Erin Ransom

About Erin Ransom

Erin Ransom is Vice President, Sales Enablement, BlackBerry.


James Morrison

About James Morrison

James Morrison is HR Business Partner, Senior Manager, BlackBerry.


Tony Lee

About Tony Lee

Vice President, Global Services Technical Operations, BlackBerry

Tony Lee has more than fifteen years of professional research and consulting experience pursuing his passion in all areas of information security.

As an avid educator, Tony has instructed thousands of students at many venues worldwide, including government, universities, corporations, and conferences such as Black Hat. He takes every opportunity to share knowledge as a contributing author to Hacking Exposed 7, and is also a frequent blogger, researcher, and author of white papers on topics ranging from Citrix Security, the China Chopper Web shell, and Cisco's SYNFul Knock router implant.

Over the years, he has contributed many tools to the security community such as UnBup, Forensic Investigator Splunk app, and CyBot, the extensible Threat Intelligence Bot framework designed for anyone from a home user to a SOC analyst.