By Jeff Cartwright, Vice President, Eastern Canada, Cyber Security Practice Lead
For cyber security consultants, skyrocketing demand holds the promise of lucrative contracts and career-boosting assignments. But
increased workloads and higher stress rates reveal a double-edged sword. Given both the lure of higher pay and the inherent job challenges, high turnover is a very real—and very costly—risk.
Retention tools at your disposal
We take turnover personally. As a staffing company, we’re not immune to the problem. When we place a cyber security professional, it’s in our best interests as well as yours that they don’t leave you high and dry mid-assignment. And for your own full-time employees, you can expect turnover costs of
100-150% of annual salary.
One of S.i. Systems’ Financial Services clients shares, "Turnover is disruptive to my team, and in my domain, more common than I'd like. Given the time to hire challenges in cyber security, the exercise can be very costly."
Many of our clients rightfully emphasize company culture to engage and reward employees. Certification sponsorships (CISSP, CEH, CISM, CCSP, CISA, etc.) are a popular perq, as are flexible hours. But structural changes may have a more meaningful and measurable impact on reducing attrition. Here are some best practices our most proactive clients are taking to increase retention (and that we’d love to help you deploy).
1. Work Out Retention Bonuses with your Staffing Partners
In a tight labor market, sign-on and project completion bonuses become more prevalent. To motivate independent consultants to complete their contracts, consider a different bonus structure.
Work with your staffing agencies to create hold back retention programs for a consultant’s hourly rate until the project ends, say $10/hour on a $150/hour pay rate. The budgetary impact remains the same, but the consultant receives a large lump sum payment at close out, which many appreciate. Communicating your retention concerns to your staffing partners may reveal other programs they have in place that will work in your favour.
2. Utilize Contract-to-Hire Programs
Don’t forget about a contract-to-hire option. Many staffing agencies will have programs that allow you to engage with a contractor and have an option to convert them to an employee if there is a long-term match. Communication here is key. While true that many incorporated consultants rarely have a desire to convert from a limited company, make sure your recruiting strategy is flexible enough to identify those who may.
Key considerations to discuss are:
- What are their motivations?
- Are they purely interested in contracting or do they have ambitions to become permanent in your organization?
- Do you want them to be permanent employees?
Ensuring instant, transparent communication upfront allows you to know what’s important to the worker and how to best utilize and potentially bridge them into your environment.
If you’re at a pivotal moment in standing up your cyber security practice, you have something to offer; interesting technology roadmap, company stock options, training and development, etc. Many staffing agencies will offer conversion to permanent staff at a fraction of the finders fee; depending on timing, it may be waived. If you’re confident in the value proposition from your company and are willing to endure a “dating period” with a consultant, you can land amazing full-time employees with no additional cost outlay.
3. Manage the Market Costs, not your Agency Costs
Formal rate card management programs pay off, literally and figuratively. Wages are a key ingredient for contractor retention, and a market rate card ensures that supply and demand influence your contingent workforce cost structure appropriately. Here’s how that works.
A managed markup approach treats the consultant’s pay rate as a given, and controls the amount of markup a third party can specify to cover operating expenses, profit, and government burden. By only focusing on markup, it reduces flexibility for all parties, incentivizes higher rates, and raises client costs. A data-driven market rate card (with quarterly or biannual adjustments) offers clear retention benefits, by enabling you to:
- Benchmark available talent against the appropriate skill level, so you’re not paying too much, or for the purposes of this discussion, too little
- Target the complete talent pool for the wages appropriated for the position
- Motivate your suppliers to source best-fit candidates for a particular opening and self-regulate markups to do so
.jpg)
A balanced market rate card offers other tangible benefits at various stages of the recruiting lifecycle, from enhanced internal and external compliance to more competitive and high-quality submittals. If you’re intrigued by the possibilities, S.i. Systems offers free salary bands and rate card analysis to benchmark your hiring more accurately.
.jpg)
4. Implement a Selective Outsourcing Strategy
Cyber security talent choosing consulting work over full-time employment points to another systematic retention strategy.
Consultants love the flexibility, challenge, and higher pay associated with consulting. So why not use that to your advantage?
Reserve the most engaging work for employees and consultants with the highest quality skills and best cultural fit for your organization. Outsource “eyes on glass” tasks such as Level 1 SOC analysis to third-party suppliers who can easily scale resources up and down to meet demand.
In closing, if your company is struggling with retention, you’re not alone. Communication is critical to your success. Speak with your partners, your employees, and your contractors and be sure to explore all opportunities available to meet your program goals. Treating people well is it’s own reward, but it’s also a critical component of a strong retention strategy. Just make sure it’s not the only thing you’re banking on to keep top cyber security talent in place. 2021 promises to be another year where demand outstrips supply, so now is the time to get consistent, get creative, and get productive.