Cybersecurity leaders have sounded off about burnout issues across the industry for years. This is especially true in the security operations center (SOC), where we continuously see organizations struggle to hire and retain staff, as many SOC analysts become so overworked they often look to change jobs or leave the field altogether.
This constant revolving door of security professionals leads to a massive problem — and not one that just cybersecurity professionals should care about, either. When there’s this constant turnover of staff, it inevitably disrupts the SOC workflow and, ultimately, the effectiveness of the SOC, potentially exposing an organization to increased risk. If your SOC can’t escape this disruption, it may let a cybercriminal slip through its fingers. It’s a cycle we can’t seem to escape. But we must. We have to.
Let’s take a deeper look at these issues and how we can work toward solving them.
Pain in the SOC
According to the Devo 2022 SOC Performance Report, 71% of respondents rate the pain of SOC staffers at 6 through 9 out of 10. This confirms that most SOC managers and company leaders need to make significant adjustments in how they operate and manage their people to make SOC work less painful.
SOC workers are reporting several areas that contribute to their job dissatisfaction. Too much information, more work than they can handle, difficulty finding and keeping SOC experts, insufficient downtime, too many tools (and lack of tool integration), and too many alerts are the main sources of their pain.
If this pain isn’t addressed, it will continue to be difficult to attract and retain skilled SOC talent. In fact, 55% of respondents say they have considered walking away from their jobs due to the pressure they feel. In a field such as cybersecurity, which touches nearly every industry across the world, the availability of skilled talent is already a major problem. The potential SOC vacancies due to job dissatisfaction will only exacerbate the problem.
The hiring timeline
If SOC leaders are unable to remedy these challenges, they may find themselves participating in the ongoing battle for cyber talent. The average time the survey respondents said it takes to fill a position is seven months, with 15% of SOC leaders saying it takes two years or longer to fill a SOC role. This hiring timeline leaves organizations exposed to potential threats for a much longer period than they may realize. Onboarding, training, and fully operationalizing a SOC analyst usually takes several months leaving your organization with less eyes on glass and security expertise to respond to those threats.
This problem is already impacting SOCs around the world, too. 23% of leaders say they lost up to 19% of their staff. Some respondents lost 40% or more of their SOC teams. That’s a scary statistic. Further, 42% say the average tenure of their staffers is shrinking compared to the past. To retain staff, leaders must start addressing SOC analysts’ pain—before it’s too late.
What leaders can do
While we might not be able to solve all of the issues causing job dissatisfaction and frustration in the SOC, there are several steps that security leaders can take to remedy the situation. According to Devo’s survey, SOC staffers favor a mental well-being approach to addressing pain, with 41% saying “stress management” and “psychological counseling” would help.
When asked, “What type of support, if any, would help alleviate any pain associated with working in the SOC,” spending more money on SOC services was seen as the top method of support by 54% of leaders and 39% of staff. Nearly 40% of staffers said “recognition from senior leadership” would help alleviate pain. But that didn’t register with SOC leaders, as none chose that as a possible remedy.
This highlights the disconnect between senior leaders and the boots-on-ground teams performing the work. The missed opportunity to provide recognition could also be indicative of a lack of understanding from the top of what exactly it is that SOC teams do daily. SOC leaders typically provide metrics that show open versus closed tickets, false positives, and more, but highlighting other areas, such as overtime, number of potential high or critical threats investigated, and the level of effort involved may help senior leaders get a better picture of what SOC teams contribute to the security of their organization.
As with most complex and serious problems, there are no easy answers. But the most effective responses to the pain of SOC staff must begin with improved communication and collaboration between leaders and staff to ensure analysts feel supported and heard.
Let’s break the cycle! We’ll tackle these challenges and more during SOC Analyst Appreciation Day on October 19.