Technology has been one of the hardest-hit industry sectors during the Great Resignation, and there’s no evidence a turnaround is on the horizon. In a recent article published on the tech career website Dice (“Cybersecurity and the Great Resignation: What Tech Pros Should Know”), Mike Hamilton, founder and CISO at security firm Critical Insight and former CISO for the City of Seattle, described the past year in the cybersecurity field as “a seller’s market” in which “quality of life issues such as remote work and limited travel have been elevated in importance.” That’s certainly a motivating factor for many workers, but the situation is exacerbated by growing demand: CyberSeek’s Cybersecurity Supply/Demand Heat Map currently lists 597,767 cybersecurity job openings.
For workers with skills and talent, there’s an abundance of opportunity for bigger paychecks, better benefits, and advancement. In the Dice article Kevin Dunne, president of security firm Pathlock succinctly spelled it out: “As the number of threats increases, the number of companies hiring CISOs is growing. Whereas it was an emerging role even 10 years ago, it is now a required position at almost every enterprise.” There are currently more than 500 openings for CISOs listed on LinkedIn.
If you’re the CISO, and a senior member of your security team quits, what steps should you take? What about if you’re the CEO and your CISO quits? The situation will require more than just a lock-out.
How can CISOs prepare for the Great Resignation?
Here are some advice and suggested actions from Shared Assessments subject matter experts:
Ron Bradley, Vice President (CISSP, CISA, CTPRP): My advice to CISOs is to focus on Data Loss Prevention (DLP) and Identity and Access Management (IAM) tools rather than specifically on security professionals, particularly for voluntary resignations. The reality is (especially for security professionals) if they want to do something malicious, or infiltrate data, they will do that before they resign, so the point of control is moot.
With IAM and DLP tools you can (and should) put privileged users in a heightened policy group as a matter of practice. CISOs should not lose focus on those who have access to the company’s “crown jewels” (e.g., trade secrets, personally identifiable information (PII), the ability to move money, M&A activity, board reports, SEC filings, etc.). Not all security personnel have that ability or access.
Tom Garrubba, Vice President: “I would also add that monitoring of critical or “root” accounts is essential; review any activity when a “super-user” (or “God”) account is created or when someone changes their own privileged access account to that level.”
Nasser Fattah, Senior Advisor, suggests these “offboarding” steps:
- Disable the departed’s account across systems, applications, and single sign-on solutions
- Remove remote access, starting with VPN
- Change all relevant passwords, PINS, tokens, etc.
- Disable and wipe electronic communications happening via mobile devices, including smartphones, remotely when necessary
- Remove physical access
- Monitor the employee’s ID for anomalies or activity
- Recover all company equipment, including badges, computers, MFA, etc.
- Inform the team of the employee’s departure
Finally, understand these are precautionary measures and when appropriate, explain them as such to impacted employees. No one enjoys working in an environment where they are viewed as potential threats, but everyone understands “trust, but verify.”