Research released this week revealed half of first-time security analysts working in Security Operations Centers (SOCs) plan to leave after just three months in the job, and none plan to stay in their current role for longer than 18 months.
According to the survey of 250 security analysts in July 2020 by SIRP Labs, top areas of dissatisfaction with the job that contribute to this high rate of churn are: mundane tasks (51%), frustration at events outside of control (45%), the inability to allocate time effectively (30%) and a pressure cooker environment (29%).
This makes for some fairly uninspiring reading; why go to all the effort to fully staff and train a SOC only for the team to begin to depart with only months of experience with a sense of frustration among those that stay? Taharka Beamon is SOC manager at Reed Exhibitions, and Infosecurity asked him if he was finding hiring suitable people to work in a SOC to be especially challenging.
“I believe the key to reducing the challenges of hiring and retaining SOC analysts is to find people who have IT industry experience and understand the ever-changing threat landscape when protecting an enterprise,” he said.
“One effective hiring approach is to find high-performing individuals in an adjacent area of IT, such as the helpdesk or vulnerability management, who are looking for a change or increased responsibility. Those traits, coupled with a strong interest in cybersecurity and proven commitment to education through independent learning, formal education or certifications, should yield someone who is ready for the rigor and variety that being on a SOC team presents.”
The impact of the COVID-19 pandemic has been felt by SOC employees, with the research finding 46% of respondents have experienced a reduced workforce as a result of the crisis, while an increased amount of time has been spent on non-productive tasks, especially for organizations with thousands of employees.
Is there a way companies can better staff their SOCs as lockdown continues? Beamon said, as the COVID-19 pandemic has caused reductions in workforces, decreased spending and more employees working from home, there is no better time for businesses looking for SOC analysts to broaden their candidate search to lower cost of living areas which could allow for lower required wages. “Even more broadly, companies can look to outsource certain lower level SOC tasks such as the monitoring of alerts or creation of escalation tickets.”
Not all of the research was negative, with 96% of respondents saying they are able to prioritize alerts based on the risks to the organization, while 89% said they enjoy a close working relationship with colleagues in other departments like GRC or vulnerability management.
Bearing in mind the stories we hear about missed alerts, alert fatigue etc., does this statistic show that actually SOC workers are happy in their roles, and they just want to be able to do it more effectively and not work remotely?
Beamon said: “Despite the pressures of being on a SOC team, being able to prioritize alerts based on risks to the organization or other severity and criticality measures is vital to ensuring the SOC team feel they are making the biggest impact from their efforts.
“Like in many other professions, I believe a SOC analyst derives pride and happiness from their jobs by working together on a team to accomplish tasks, making a measurable difference to the business and preventing issues that would keep their bosses up at night.”
The issue of creating, managing and sustaining a SOC is very interesting; it requires a level of commitment to their needs as well as ensuring that there is satisfaction in the required work to avoid negative issues. Whilst there is no doubt that the use of MSSPs to provide SOC-as-a-Service offerings has likely increased in the recent months, a growth in the frequency of attacks requires the use of a SOC more and more. Having a satisfied and engaged SOC team may be your greatest asset at the moment.