The Talent Retention Effect Inside SANS Training

This blog is the first in a three-part series highlighting key findings from the IDC White Paper, Sponsored by SANS Institute, “The Business Value of SANS,” Doc #EUR153291525, June 2025. In Blog No.1, we discuss how SANS training helps CISOs and HR leaders drive higher levels of staff retention by cultivating high-performing teams.

Maintaining a strong security posture encompasses a lot more than the tools in your tech stack. When you really think about it, there’s a reason why people come first in the proverbial industry adage “people, process, and technology.” Because, at the core of any successful cyber defense strategy are human practitioners. Even in the age of advanced AI, your resources are only as strong as your ability to leverage them effectively and at scale.

Every fast containment or averted breach ultimately requires having the right people in place. By “right”, we mean people with a specific set of skills and specializations that match the intricacies of the security environment they are defending. The incident response protocols of an Industrial Control System operator differ greatly from those of a corporate finance enterprise or large-scale healthcare system. As such, there’s no one-size-fits-all approach to assembling the right team for your organization.

This has raised the stakes for organizations to retain optimal talent. The SANS GIAC 2025 Cybersecurity Workforce Research Report found a notable increase in cross-functional collaboration amongst cybersecurity and HR stakeholders – 54% of HR managers now report spending more than half their time focused specifically on cybersecurity staffing. Further, 52% of surveyed organizations cited “not having the right staff” as their biggest cybersecurity workforce concern, rather than just a lack of personnel.

Both metrics underscored a growing reality that many CISOs and HR leaders know all too well. Hiring the right practitioners is hard. But keeping them? Even harder, especially when you consider the demands placed on today’s security teams: cloud sprawl, complex vendor ecosystems, relentless attacker innovation, systemic burnout, staffing shortages, and more. Left unaddressed, those demands often translate into high staff turnover, which has consequences far beyond standard HR metrics. When experienced defenders leave, they take institutional knowledge with them, leave gaps in your response playbook, and add heightened stress to the practitioners who stay behind.

This is one of several areas where making targeted investments in SANS training produces tangible value. New research from the SANS-sponsored IDC white paper The Business Value of SANS shows that workforce training doesn’t just strengthen individual skills. It is a critical employee empowerment tool that further enables organizations to retain their best practitioners and build more cohesive teams.

Why Targeted Training Drives Longer Tenures

In a field like cybersecurity where lateral movement is common, staff retention hinges on more than a competitive salary. Practitioners stay when they feel their skills are seen, supported, and sharpened. SANS helps organizations meet that bar. According to the IDC research, organizations that invested in SANS training saw staff stay in roles 36.8% longer compared to non-trained peers. That added stability reduced annual new hires by 26.9%, saving an average of $124,000 (equivalent to €107.880 and £91,760) each year in recruiting costs.

These weren’t marginal gains. One financial institution in the study reported a 50% jump in career development satisfaction and a significant increase in job role confidence after rolling out SANS training. Another organization cited examples of team members turning down external offers with higher pay, choosing instead to stay for the long-term skill growth and credibility that SANS training enabled.

That sense of momentum where employees feel their expertise is advancing and their contribution is recognized makes a real difference. In fact, organizations that embedded SANS into their structured career development frameworks didn’t just reduce attrition. They unlocked more internal mobility, stronger engagement, and higher performance over time. The IDC research found that SANS-trained professionals were also rated 26% more innovative than their peers translated into real outcomes: broader contributions to cross-functional initiatives, stronger influence over strategic projects, and a deeper sense of ownership in the organization’s security posture.

How High-Functioning Teams Drive Staff Stability

Effective security teams never operate in isolation. They depend on fast decisions, seamless handoffs, and shared mental models across roles. Several organizations in the IDC study credited SANS training with helping establish that common ground – building fluency across SOC analysts, compliance leads, architects, and engineering practitioners alike.

That alignment drove measurable performance results. In the IDC study, teams with SANS training identified threats 4.2 times faster, responded 51.6% faster, and remediated 43.8% faster than their untrained counterparts. In addition, one utility provider highlighted how its teams consistently met aggressive incident response targets of detection within one minute and resolution within one hour due to everyone following the same playbook.

But those efficiency gains told only part of the story. The shared understanding also reduced miscommunication, eliminated redundancy, and made it easier for practitioners to support one another under pressure. Trained individuals became force multipliers, serving as informal mentors who helped peers level up and troubleshot cross-functional bottlenecks. That kind of team-wide cohesion is like cultural glue. When practitioners are more synchronized, work feels less chaotic. Confidence increases, stress decreases, and burnout becomes less of a retention threat.

Discover the Impact of SANS Training

As security demands continue to evolve, organizations need more than just skilled individuals – they need teams that grow together, operate in sync, and stay engaged for the long haul. The IDC study validates what many security and HR leaders are observing today: when applied at scale, workforce training is not just a skills investment, but a strategic driver of retention, cohesion, and performance.

Stay on the lookout for the next two blogs of our three-part series, which will take deeper dives into the financial and cyber defense benefits of SANS training. To explore the IDC study’s full findings and financial analysis, download the IDC White Paper, Sponsored by SANS Institute, “The Business Value of SANS,” (Doc #EUR153291525, June 2025) here.