Outbound transferable skills
08:00 Monday, 26 July 2021
UK Cyber Security Council
We in the cyber security industry are keen – no, desperate – to fill the inordinate number of vacancies in our organisations. One of the problems is that, as with most other vocations, the number of people leaving cyber each year is non-zero. The reasons are many and varied, from stress and burn out at the most worrying end (a 2020 CIISec survey found that 54% said they or a colleague had left for this reason) down to simply realising in hindsight that the cyber industry had simply not the right choice.
Should we worry about this? Yes, absolutely - from the perspective that it's unacceptable for so many people to become ill because of their jobs. But if someone leaves a cyber job for positive reasons - for a role in a different vertical segment, say - not only should we applaud it, but we should give them the skills that enable this.
We've all met managers – and occasionally entire organisations – who are terrified of giving training to their staff for fear of equipping them to leave. And this is entirely the wrong view to take, of course: while a minority of employees embark on their time with a given company solely to skill up and move on to something better, this is the exception rather than the norm. And unless we are seriously misguided or gullible, we should be trying to train our staff in skills – both hard and soft – that make them more able to do the jobs for which we have employed them. If these skills are relevant to other fields, then such is life: that’s precisely the concept for which the term “transferable skills” was coined.
The skills that are considered “transferable” are absolutely core to the cyber industry: communication, logical thinking, interpersonal skills, speaking in front of audiences, some understanding of how technology works, the list goes on. Aside from any necessary formal security qualifications, such transferable skills are what differentiate a good candidate from a poor one, or an excellent one from a good one – hence we in the cyber industry are highly alert to candidates’ abilities in this sense. But whomever we take on, they never have perfectly optimal transferable skills: even if they are very good, there is always room for us to make them better, or more correctly to provide the facilities and help them become better.
If we skill someone up to become so good that they can move to a better job in a different company – or even outside cyber security as a whole – we should look on that as a good thing. It shows that we are investing in people, and that while they work for us we have a team of highly skilled people doing (hopefully) an excellent job.
We do, of course, have to look a little critically at ourselves. If skilled people are leaving because they are bored, or stressed, or underpaid relative to the industry norm, then we have done badly. But if, say, our information security officer leaves to become CIO of another company, that screams out as a success story: that person has moved up in seniority, albeit with another company, partly because of what we did to prepare them to do so. There are two reasons to celebrate such instances.
First, it extends our network. Even if that person no longer works for our company, there’s a good chance that at an individual level, they will stay in touch with our people and provide a potential source of information on new attacks, observations on how their new employer does things differently (in ways that had not occurred to us and we might seek to emulate) and so on.
Second, and more importantly, it is easy to assume that the departure of a member of staff is a permanent thing – which is not a valid assumption. If we look at the example we just cited, there is a good chance that the person would have applied for an internal promotion if a vacancy existed, but most of the time there isn’t. But just because someone left doesn’t mean – assuming they departed on good terms – that they will never come back. Most readers of this article will know people who have returned to a previous employer, generally in a more senior role.
And not only will we have already equipped them – at least in part – with the skills they need in order to be successful, but they will come back to us armed with a wealth of knowledge and experience from their other role, which would simply have been impossible to gain without having made that initial move out of our organisation.
So yes, it’s a shame when someone whom we’ve endowed with transferable skills leaves us. But we should consider that up-skilling as a job well done… and we should never assume the departure of someone we value has to be permanent.