As I’m preparing for a June 4th virtual panel, “Think Outside the SOC: Modern Approaches to Talent, Development & Automation,” I’ve been reading through the 2020 SANS Automation and Integration Survey and noting the similarities between findings from the survey and the topics that have been discussed for the virtual panel.
The core theme of both the survey and panel is how people, processes and technology—working together—are the keys to a sustainable SOC team. We find that organizations can take modern approaches to technology and people to foster a culture of growth and success, including:
- A new perspective on evaluating cybersecurity talent and staffing needs
- Recommendations and best practices for improving SOC analyst retention
- How teams are adapting to 100% remote work because of the pandemic
- The essential role automation can play in reducing analyst burnout
That last topic, in particular, is extremely important. When people hear the word “automation” in the context of a SOC, many jump to the conclusion that it means using technology to replace analysts with machines. That’s not how I—and most of the people I talk with—see it. People are and will remain essential to the effective operation of SOCs. When we refer to automation, we are talking about deploying technology to eliminate mundane, time-consuming tasks, especially for Tier-1 analysts who historically have done most of the SOC grunt work.
Let’s face it, most people want to be engaged with what they do for a living. They like challenges and solving problems. In cybersecurity, one of the biggest problems is how to keep SOC analysts interested and involved in their jobs, especially if they’re doing boring things, such as chasing endless security alerts. Forcing people to earn their stripes by spending years doing repetitive, unfulfilling tasks is a motivation killer and generally does nothing to eliminate material cyberthreats.
So how can cybersecurity teams use automation to break that cycle of frustration?
In the SOC, automation is about using the right technologies to eliminate mindless work so people can focus on the activities that really matter. In turn, analysts solve the problems most important to their organizations by leveraging their experience and engaging their curiosity. Automation, in this manner, increases analysts’ enthusiasm about their jobs. By employing automation to identify the threats that matter most to the business, even Tier-1 analysts can play a bigger role in threat hunting. This approach alleviates a lot of repetitive, mind-numbing work while enhancing analysts’ skills, making them more valuable to the organization, now and in the future.
Regardless of how technologically advanced our tools become, a successful cybersecurity program is still all about the human element. The biggest frustration most organizations have is that they hire, educate and train people to work in their SOC, and then those people leave because they burn out. Doesn’t it make so much more sense to use automation for the repetitive, boring work that machines are so good at performing? Then we can guide people, with their growing intuition and acquired experience, up the ladder so they can have successful careers in the company that has been grooming them, instead of essentially forcing them to leave for a better, less-tedious job with another organization.
Please join us on June 4 to hear how cybersecurity leaders can start to “think outside the SOC” with regard to their team success and culture.
Julian Waits is the General Manager, Cybersecurity Business Unit at Devo Technology. Julian has 30+ years in senior leadership roles at technology companies, specializing in security, risk and threat detection. Julian serves on several industry Boards, including ICMCP and NICE, promoting the development of the next generation of cybersecurity professionals.