Industry Insights with Jennifer Mitchell


Enabling the 'Great Retention' in Cybersecurity

Jennifer Mitchell on Retaining Cybersecurity Staff Amid the Great Resignation

In the face of the Great Resignation, I predicted in late 2021 that the opposite would be true for cybersecurity personnel - a phenomenon I call the "Great Retention." A big part of retaining qualified specialists is ensuring that their work-life experience suits the company's needs and expectations.


While some might argue that you would use the same methods to retain technical and nontechnical roles, I have some insight to the contrary, having managed ActZero’s cybersecurity personnel for a number of years, coupled with my experience as our Head of People. Indeed, while some of these challenges apply elsewhere, the nature of cybersecurity roles tends to amplify them. In an effort to understand why, I highlight the specifics and nuances of making and keeping security personnel engaged and satisfied, positioned against the problems once thought of as hazards of the industry.

Odd Hours

The first and most obvious challenge for security professionals is the notion that "the bad guys never sleep." Having 24/7 coverage is a tenet of the industry, reflected in practices of both security providers and companies with in-house capabilities. For those security staff at small to midsized enterprises, while a 24/7 SOC may not be in the cards, the expectation is that they are always on call. This can prove very taxing for security professionals, which often results in them making mistakes.

One of the ways we addressed this issue was with a “follow the sun” model. In an increasingly virtual world, where remote work is now the norm, your security professionals needn’t be in your office, nor even your country/time-zone.


Even if security professionals are part of a team or are scheduled during business hours, they live with the ever-looming possibility that an incident will occur and they will be called in to deal with it. This inherent unpredictability leaves staff unable to turn off, even when they aren’t at work. The "follow the sun" model helps with this too, but in order for it to work, trust is required. IT leaders can encourage trust.

Single-Person Dependencies

Cybersecurity skills are rare and often expensive, which helps to explain why there are so many "one-body" cybersecurity teams at SMBs. Single-person dependencies increase the risk of working or being called in at odd hours as well as the stress level of the in-role person. They also render the trust element somewhat moot, as without a backup, whom can this person trust to cover them when they’re off?

Generalist Skills

The opaqueness within the security industry has furthered the notion that specialist skills are required across the board and has hidden the fact that generalist or other nontechnical, specialist skills may apply.

There are steps you can take to solve for this, at least during an incident. You may find - as I did while leading our SOC team - that many of the skills required to deal with an incident aren’t inherently "cyber." Examples are coordinating the response, communicating with the team and documenting the incident. By assigning such tasks that don’t require specific cybersecurity expertise to team members other than your single-person dependency, you can remove a lot of the stress and time required of that person - even if they are still necessary.

This method is often used as an exception - for example, with a startup that doesn’t have the technical bench or when the sole security person is on vacation. But you can plan for this all the time. It’s a matter of efficiency - making the best use of a highly in-demand skill. Sure, sometimes it can be more complex to manage a broader response team, but it’s much better for your organizational redundancy and resilience if you have folks that can apply their skills to extraordinary circumstances.


Ultimately, flexibility will be key to achieving a positive work-life experience for cybersecurity employees. The methods described above can help achieve such flexibility for a functional area that has long been seen as rigid. Some of them, such as the "follow the sun" model, are more expensive than others, but that’s why we offer a Managed Detection and Response service that enables access to cybersecurity capabilities that do not require a dedicated cyber staff to manage them.

To learn more about our cyber predictions, check out the 2022 Cybersecurity Predictions white paper.

To find out other ways to not only retain but actively engage your cybersecurity pros, use the Technical Staff Retention Cheat Sheet.

About the Author

Jennifer Mitchell

Vice President of Operations and Optimization, ActZero

Jennifer Mitchell transforms security operations for hyperscalability in growth and investment while maintaining quality and profitability. Her strategy is an innovative counter to accepted thinking within the industry and has helped contribute to a SOC that is already performing well above industry standards. Beyond the nuts and bolts of strategic operations transformation, she is also fiercely dedicated to the importance of people in tech. Mitchell is a passionate advocate for the importance of diversity and inclusivity within the cybersecurity industry. She works to actively challenge people’s expectations of what the culture within a successful cybersecurity company - and the industry at large - can look like. Her knowledge that a genuinely inclusive workplace helps retain the best talent drives her commitment to making ActZero a destination company within the industry.
