The skills shortage in IT security is a very real problem, even though companies have become more creative in how they attract talent. But there’s more to consider: A report from AlienVault argues that retaining the talent once acquired should also be a keen focus for HR departments.

“One can hypothesize that companies no longer offer ‘jobs for life,’” said AlienVault security advocate and former 451 security analyst, Javvad Malik, in the report. “Or indeed blame millennials for being self-entitled and lazy workers who need constant baby-sitting.”

But the reality is that the retention concern is common. Only about 65% of participants are happy and content in their current jobs. And even those that say they’re happy admit that the idea of challenging and exciting work would be a motivator to move somewhere else—thus setting up a competitive environment among companies looking to hone their IT security departments.

“Retaining staff can be a fine balancing act that needs the precision of a NASA engineer landing a rocket on a comet,” Malik said. “On one hand employers need to provide appropriate compensation and working environments. While on the other hand, remaining mindful that other companies will make high offers in attempts to acquire the right candidates.”

Also, company culture is a big intangible. “Being unhappy with boss or company culture was an underlying theme across the survey,” Malik said. “Yet, several participants, particularly those in larger organizations, felt a distinction should be made between the company culture and team culture.

“The key is maintaining a fun and rewarding environment,” he stated. “The fun part is deliberate; a lot of folks just leave because they are burned out. They think a new job will alleviate this; often it doesn’t work that way. We had what I called a ‘high rate of recidivism’ in the SOC, which proves this. Operations is tough, it just is.”