It’s no secret that the job of a SOC analyst is very stressful. These individuals spend their days hunched over computer screens, painstakingly reviewing alerts to ensure their companies don’t suffer serious consequences from a cyberattack. One mistake could spell disaster, but the high-stakes nature of the job isn’t the only reason SOC analysts are burning out. Limited resources, staffing shortages and more all contribute to the mental pressure on these individuals.
To better support SOC analysts and improve their working conditions and job satisfaction, there must be a fundamental shift in how the SOC operates so analysts don't get buried under the burdens of the job.
Why SOC analysts are overwhelmed
According to the 2020 Devo SOC Performance Report, an appalling 60% of survey respondents said the stress of working in the SOC caused them to consider changing careers or leaving their jobs. For an industry already facing a skills shortage, that’s pretty scary. Organizational turf wars also are killing SOC effectiveness, with 64% of respondents saying that internal battles regarding who is in charge of what are a huge obstacle to their SOC’s success.
On top of that, SOC teams also report they routinely have issues with limited visibility into attack surfaces — 65% said this was one of the primary causes of SOC analyst pain. Because of this, the mean time to resolution (MTTR) of an attack is often unacceptably high. Nearly 40% of respondents said MTTR takes months or even years! Lack of effort isn’t necessarily the reason for these long resolution times, either. While the survey found that SOC budgets increased slightly year over year, it wasn’t enough to close the gaps that SOCs face in effectiveness and performance.
Where do we go from here?
What can organizations do to provide SOC analysts with the support they need? Slightly more than 70% of respondents said introducing automation into the analyst workflow could help, and 63% also stated that implementing advanced analytics/machine learning would have an impact. Doing this would relieve Tier-1 analysts (those at the beginning of their careers) of having to deal with too many repetitive tasks.
In addition to investing in new security technologies, it’s also important to review processes and provide SOC analysts with new learning opportunities. When I managed a SOC team, I avoided burning analysts out on a single task or goal. Analysts were required — and given opportunities — to enhance their skills. All processes, procedures, measurement methods, and actions had to align with business goals. Doing this created a much more focused environment.
While there’s quite a lot to do to overcome the challenges of SOC work, SOC leaders can turn things around by investing in the right technologies and constantly reviewing their incident-handling procedures. On October 20, Devo is also celebrating the first-ever SOC Analyst Appreciation Day™. By establishing this new holiday, we hope the industry can come together to make working in the SOC far less stressful for these talented, dedicated professionals.