CISOs Rethink Strategies to Retain Cybersecurity Talent Amid Rising Turnover Risks

https://cybrpro.com/cisos-rethink-strategies-retain-cybersecurity-talent/

With more than 60% of cybersecurity professionals considering a job change within the next year, Chief Information Security Officers (CISOs) are re-evaluating how to retain their cybersecurity talent. While competitive salaries and perks remain important, the spotlight has shifted to long-term career development, upskilling, and internal mobility. According to a report by IANS Research and Artico Search, dissatisfaction with career progression is a key factor driving professionals toward the exit.

Experts argue the industry’s talent crisis isn’t due to a lack of skilled workers, but a lack of investment in their development. Tom Chapman, co-founder of cybersecurity recruitment firm Iceberg, believes the real issue lies in a “training and development gap,” not a shortage of talent. Many employers seek mid-career professionals with 6–10 years of experience, candidates who are already in stable roles and hesitant to move without clear growth opportunities.

Jessica Cassidy, co-founder of OPCyberTalent, emphasizes the widening experience gap. While entry-level talent is growing, the demand for mid-tier professionals, experienced enough to manage threats but not yet eyeing retirement, is surging. These professionals are viewed as adaptable and affordable, making them highly valuable and even harder to replace.

CISOs Understanding Why Cybersecurity Talent Walks Away

To retain cybersecurity talent, it’s essential to first understand what drives them away. Chapman and Cassidy cite multiple factors: limited influence in decision-making, weak leadership, reactive security cultures, stagnant roles, and lack of visible career pathways. One telling example involved a Security Operations Center (SOC) analyst who, despite his dedication and eagerness to grow, had never been approached about his career goals. He was upskilling on his own and ready for a new challenge, but his current employer hadn’t created space for that conversation, ultimately opening the door for recruiters.

Cassidy stresses that many cyber professionals are natural problem-solvers rather than career planners, making regular, proactive check-ins vital. Without them, organizations risk losing motivated employees to competitors who offer clearer pathways for advancement. “If you’re not having regular conversations about growth,” Chapman warns, “you’re leaving the door wide open for attrition.”

Building Cyber Teams and Cybersecurity Talent from Within

CISOs are also discovering the power of internal talent development. Chapman shares the example of a CISO at an industrial firm who needed OT (Operational Technology) security engineers. Instead of hiring externally, he identified curious control engineers within his plant and created a structured training program for them, pairing them with mentors, holding workshops, and even inviting guest instructors. The result was a stronger, more resilient team and unexpected career pivots, including a woman who now leads vulnerability assessments across all plants.

Certifications and structured upskilling are also gaining traction. Chapman and Cassidy agree that covering the cost of certifications, sometimes worth thousands of dollars, can significantly boost loyalty. Cassidy adds that pairing these credentials with financial incentives tied to performance milestones further motivates staff. Creating autonomy, allowing managers to build their own teams or influence tooling decisions, can also serve as a retention hook.

Ultimately, CISOs are realizing that talent retention is not a one-size-fits-all process. It’s about personalized growth, clear pathways, and a supportive environment that aligns professional aspirations with organizational goals. As Chapman puts it, “If you’re not asking what motivates your staff, someone else will.”
