The Human Capital Triad for Cybersecurity Retention: Securing the Future of Cyber Talent
This post comes from Dr. Brian McElyea, Vice President of Cybersecurity Operations at RELI Group. Representing RELI’s Cybersecurity Operations, Dr. McElyea recently spoke at a conference on “The Human Capital Triad for Cybersecurity Retention.” You can explore more about our cybersecurity efforts here, or read on to learn about Dr. McElyea’s perspective on the importance of human capital in securing our digital future.
In an era where cyber threats are escalating in complexity and frequency, the demand for skilled cybersecurity professionals has never been greater. With over 500,000 cyber vacancies in the U.S., according to the National Cyber Director, the gap between demand and supply is placing critical stress on both government agencies and private organizations. The key to securing our digital future lies not only in technology but in human capital—the people behind the systems.
To meet this challenge, RELI Group actively seeks to hire top talent and offers opportunities for growth and development within a mission-driven environment. Organizations must adopt a proactive and strategic focus on human capital. This ‘Human Capital Triad’—comprising attraction, retention and development—can play a deliberate and critical role in building and maintaining a robust cybersecurity workforce. Each element of the triad is interconnected, ensuring the long-term viability of cyber talent to safeguard our digital future.
Attract: Building the Pipeline
The first step in addressing the talent shortage is to attract new talent into the field. RELI Group is committed to recruiting skilled professionals who can meet the demands of today’s increasingly complex cyber threat landscape.
RELI’s approach to attraction includes several strategic initiatives:
- College Internships: College internship programs provide students with real-world, hands-on experience. This training is critical in a field as practical and dynamic as cybersecurity, where on-the-job learning provides a supplemental aspect to their classroom learning. Engaging students early helps build the future workforce and ensures that new talent is continuously entering the field. College internships can be a valuable way to begin future-proofing your organization.
- Veteran Outreach & Engagement: Veterans bring a unique skill set that is especially relevant in cybersecurity, including leadership, discipline, adaptability and familiarity with structured operations. Hiring veterans helps not only in attracting individuals with these valuable qualities but also in providing a smooth transition from military to civilian cybersecurity roles, ensuring that no talent is left untapped.
- Active Social Presence: Social media has become one of the most effective tools for recruiting the next generation of talent. an active social presence to not only share opportunities but also to build a community and brand that appeals to forward-thinking, tech-savvy professionals who are motivated by mission-driven work.
- University Relations & Recruiting: Partnering with top academic institutions allows access to a pool of highly qualified graduates who are ready to tackle the challenges of modern cybersecurity. University relationships also provide opportunities for ongoing knowledge exchange and innovation.
- Scholarships and Referral Bonus Programs: Financial incentives, such as scholarships for education and referral bonuses, play a key role in attracting top talent. They demonstrate commitment to investing in people and encouraging the recruitment of high-quality candidates from within existing networks.
- Supporting “No-Fail” Missions: Cybersecurity professionals are often drawn to roles where their work has a real-world impact. By framing operations as mission-critical, you can appeal to individuals who are motivated by the importance of their work. This not only attracts talent but also retains those who seek purpose-driven careers.
- Recruit Next-Generation Visionaries: Forward-thinking individuals are the key to staying ahead of evolving threats. It is critical to focus on recruiting visionaries—those who are not just skilled but are also passionate about pushing the boundaries of cybersecurity—ensures that the company remains at the forefront of innovation and problem-solving.
- Thought Leadership Outreach: By engaging in thought leadership activities, such as publishing articles and speaking at conferences, builds a reputation within the cybersecurity community. This outreach not only positions your company as a leader but also attracts like-minded individuals who are eager to contribute to groundbreaking work.
According to the National Defense Magazine, cybersecurity positions take 21% longer to fill than other IT roles. At RELI, our focus on attracting talent through college internships, veteran preference programs and partnerships with top universities to build the next generation of cyber visionaries. If you’re ready to make an impact and grow your career in a dynamic, mission-driven environment, explore our career and internship opportunities here.
Retain: Supporting Long-Term Commitment
Once talent is attracted, retaining skilled professionals becomes a priority. Retention is a critical issue in the cybersecurity field, with cybersecurity professionals experiencing 10-15% higher attrition rates compared to other IT professionals, according to Gartner.
To address this, RELI Group employs several strategies aimed at keeping their employees engaged and committed for the long term:
- Engaging/Professionally Rewarding Rotations: Cybersecurity professionals often seek variety and continuous learning to stay engaged. By offering rotations through different roles within the company, you can ensure that employees are exposed to various aspects of cybersecurity, keeping their skills sharp and preventing burnout. This approach not only increases job satisfaction but also enhances the company’s internal expertise.
- Cross Training & Cyber Program Rotations: Offering employees the chance to cross-train in different areas of cybersecurity allows them to expand their skill sets and gain a more holistic understanding of the field. Cross-training also improves team flexibility, as employees can cover multiple roles when needed, enhancing the overall resilience of the workforce.
- World-Class Cyber Colleagues & Exposure to Latest Cyber Technology: Professionals want to work alongside the best in the field. Having a commitment to building teams of top-tier cybersecurity professionals creates an environment where employees are continually learning from one another. Additionally, regular exposure to cutting-edge technology, such as AI/ML, Quantum Computing, Blockchain, IoT and 5G, keeps employees on the leading edge of cybersecurity practices.
- Highly Competitive Salary & Benefits: Compensation plays a significant role in retention. Offering a highly competitive salary and benefits package ensures that employees feel valued and are less likely to be poached by competitors. In a field with high attrition rates, this financial commitment is crucial to maintaining a stable workforce.
- Corporate Support & Cyber Lab Partnerships: Corporate support systems, such as access to research labs and development programs, provides employees with resources to continuously improve their skills. These partnerships also offer opportunities for collaboration on innovative projects, which can be highly rewarding and engaging for employees.
- Mentoring & Employee Engagement Surveys: Regular employee engagement surveys allow you to stay in tune with your workforce, identifying areas where improvements can be made to increase job satisfaction. Mentorship programs provide employees with personal and professional development opportunities, fostering a supportive environment that encourages long-term commitment.
- Growth Opportunities: Offering clear career growth pathways is one of the most effective ways to retain talent. When employees know they can grow within the organization, they are less likely to seek opportunities elsewhere. It is vital to ensure that your cybersecurity professionals have access to promotions, skill development and leadership roles to enhance their likelihood of desiring to stay with your organization.
- Entrance/Exit Interviews & Measure Retention Rates: By conducting thorough entrance and exit interviews, you can gather actionable insights on what motivates employees to stay or leave. These insights are critical for continuously refining the company’s retention strategies and reducing turnover.
To further reduce attrition and strengthen retention efforts, one should also focus on fostering a diverse and inclusive workforce. Diversity is crucial in cybersecurity not just for equitable representation, but also because diverse teams bring different perspectives, which are critical for addressing the complex nature of cyber threats. According to Zippia, only 17% of cybersecurity professionals are female, there is a significant need for initiatives aimed at improving diversity. At RELI Group, women make up 42% of our cyber staff, just one of many ways RELI Group lives its core value of diversity.
Develop: Fostering Expertise and Growth
Development is the third and final wheel of the Human Capital Triad. Fostering continuous learning and professional growth is essential to keeping cybersecurity professionals at the top of their game. This is especially important given that Gartner predicts more than half of significant cyber incidents will come from lack of talent as well as general human error by 2025. RELI’s development initiatives are designed to equip employees with the skills needed to face both current and future challenges.
RELI promotes development through a variety of initiatives:
- Free World-Class Online Cyber Training: Providing employees with access to world-class training programs ensures they have the latest knowledge to address emerging and rapidly morphing threats. Continuous education is vital in a field where the threat landscape evolves rapidly.
- Access to Latest Threat Intelligence: In cybersecurity, staying ahead of threats is a constant challenge. It is imperative to ensure that its employees have access to the latest cyber threat intelligence, which helps them remain proactive in defense strategies. This access keeps your team one step ahead of cyber adversaries.
- Corporate Teaming with Internal SOC & Cyber Research Partnerships: By teaming with its internal Security Operations Center (SOC) and external research partners, RELI provides employees with hands-on experience in incident response and real-time threat mitigation. These partnerships enhance employees’ practical skills and broaden their understanding of the latest cybersecurity developments.
- Internal Research & Development: Innovation is critical in cybersecurity. Commitment to internal R&D encourages employees to push the boundaries of current technologies and processes, fostering a culture of creativity and forward-thinking that is essential for staying competitive.
- Labs/Cyber Ranges (Hands-on): Hands-on practice is irreplaceable in cybersecurity training. It is invaluable, when possible, to provide employees with access to labs and cyber ranges where they can simulate real-world scenarios. These practical experiences allow employees to test their skills in a controlled environment, building their confidence and competence in handling simulated live incidents.
- Ethics, Security, Quality & Culture: A strong corporate culture built on ethics, security and quality ensures that employees operate with the highest standards of integrity and professionalism. This culture not only supports compliance but also fosters an environment where employees take pride in their work, leading to higher job satisfaction and retention.
- Certification Requirements: Industry certifications validate an employee’s expertise and are often required for customer roles. By supporting employees in obtaining these certifications, an organization can enhance their individual capabilities but also strengthen the overall competency of its workforce.
By prioritizing development, you can ensure that employees are constantly evolving alongside the cybersecurity landscape, staying one step ahead of emerging threats.
Securing the Future Through the Human Capital Triad
Each component of the ‘wheels’ in the Human Cyber Triad is intended to be customized by your organization to suit its specific needs. The examples provided are those currently employed by RELI, but they are not fully exhaustive to what is possible. These represent the strategic efforts we believe are most valuable to focus on to ensure our customers have the talent needed to safeguard their networks, systems, and data. This framework is dynamic and should evolve over time. The key is maintaining a deliberate focus on how you attract, develop, and retain cybersecurity professionals to meet customer needs.
As the cyber landscape grows increasingly complex, the Human Capital Triad serves as a powerful framework to address the cybersecurity workforce challenge. Tackling systemic issues like high attrition rates and diversity gaps is crucial for building a robust cybersecurity defense capable of adapting to emerging threats. By intentionally integrating these 27 focused strategies—and adding others relevant to your organization—companies can build a sustainable, resilient workforce equipped to protect critical systems and data.
Download the Visual Guide!
For a deeper understanding of how the Human Capital Triad can guide your organization’s talent strategy, fill out the form below to download the visual guide and explore the interconnected strategies that fuel a strong and sustainable cybersecurity workforce.