In such a hyper-competitive market for security talent, the natural inclination would be to try everything you can to keep your best employees. Unfortunately, even when you do everything right, your best employees just get up and leave. Can you and should you fight it? Or should you go out of your way to make the exit as smooth as possible for your staff? What's the benefit to you when they do leave?

On this episode of the CISO/Security Vendor Relationship Podcast, we discuss:

• 10-second security tip: Vanity metrics aren't going to create a more secure environment.
• Pitching the latest crisis: We've talked endlessly about how CISOs don't respond well to fear pitches. Similarly, salespeople need to understand that CISOs are aware of last week's Facebook hack. Don't bring the news they already know. Provide some insight.
• Selling the latest APT: If it's a new threat, it's sexy. It may make for great news, but focusing on it doesn't necessarily make for good security. Shouldn't you be starting with the boring basics? Can security basics ever be sexy?
• We play "What's Worse?!" Listen up security vendors. You're going to want to pay attention to this one.
• What do you think of this pitch? This week's pitch comes from a CISO. It's not his pitch to us, but a pitch he received. It kind of misses the mark. We explain why.
• Retaining security talent: We discuss the InfoSec manager's role in retaining security talent. How do you form a relationship that all exits or near exits go as smoothly as possible?

This show, like all the previous ones are hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Justin Berman (@justinmberman), CISO of Zenefits.

Special thanks to our sponsor, SentinelOne, for supporting this episode and the podcast. Learn more about their autonomous endpoint protection.