Due to the COVID-19 pandemic, IT security teams are now supporting a vast new remote workforce, and with it a wider attack surface, which increases sophisticated cyberattack attempts by adversaries. Security teams are managing dozens of security solutions, if not far more, to thwart these attacks, and security operations teams find themselves manually sorting through hundreds of thousands of security alerts to close the gap between detection and response, fueling the growing epidemic of analyst burnout and putting enterprises at risk. The traditional security information and event management (SIEM) solutions used by many organizations and security teams are inadequate and are failing to meet the growing needs of security analysts and the SOC, especially now.
Recently, Devo sponsored an annual Security Operations Center (SOC) Performance Report, conducted between March 11 and April 5, 2020, by the Ponemon Institute. It found that 78% of respondents said working in a SOC is very painful. Additionally, 60% say the stress of working in the SOC has caused them to consider changing careers or leaving their jobs. Even worse, 69% said it is very likely or likely that experienced security analysts would quit the SOC. The burden of work on SOC analysts needs to be addressed, and it needs to be addressed now, and that responsibility falls on leadership.
Here, we talk to Julian Waits, General Manager of Cybersecurity at Business Unit at Devo, to find out how SOC leaders can create a culture of growth among their teams.
Security magazine: What is your title and background?
Waits: I am the General Manager of Cybersecurity at Business Unit at Devo. I’ve been working in the technology sector for over 30 years, helping early- and growth-stage technology companies reach their full potential in their respective markets, specializing in security, risk and threat detection. Prior to joining Devo as the GM of the cybersecurity business unit, I held titles such as software developer, field systems engineer, M&A director, Sales VP, and CEO. I also serve on several industry boards, including ICMCP and NICE, promoting development of the next generation of cybersecurity professionals.
Security magazine: Why do SOC leaders need to create a culture of growth among their teams? How can this help mitigate analyst/security team’s burnout?
Waits: Creating a culture of growth in the SOC helps leaders address two issues: one being that security talent is very scarce to find and hire, and two being that the analysts you do have in the SOC are getting burnt out. By creating a culture of growth – one where you’re investing time, funds and energy into bettering the skills and career trajectory of analysts – you’re both creating a more enticing environment for hiring candidates and establishing a culture for current employees that acknowledges their work, value and caring for an individual’s growth.
Security magazine: How can SOC leaders broaden the soft skills of analysts through activities like job rotations and presentation skills?
Waits: A shortage of talent and the challenge to retain skilled analysts comprise both sides of the platinum broken record of the security industry. Helping your SOC analysts develop their technical and business skills creates a culture of professional growth and advancement, not job hopping. By keeping analysts engaged with practices such as job rotation, you’re encouraging them to learn more about the organization’s business, which will help them understand exactly what they’re working hard to protect. Additionally, exposure to other roles in the business—perhaps something on the development side or even a customer-facing role—may open an analyst’s eyes to skills they maybe weren’t aware they were interested in, and they now have the opportunity to dig into that curiosity a bit more.
Security magazine: How can SOC leaders fuel professional growth through training analysts to communicate their work to non-technical and executive-level audiences?
Waits: Improving analysts’ presentation and communication skills by creating opportunities to present their work to non-technical colleagues and company leaders will enhance their skills in providing valuable exposure to important decision-makers. It also makes it necessary to think about how their work impacts the business on a larger scale—because that’s what’s going to matter most to executive leadership. It’s another way to broaden soft skills, open their eyes to what happens beyond the SOC and, in return, give others exposure to all the hard work happening every day within the SOC.
Security magazine: How can they advocate on behalf of their team to the CEO and board to ensure the SOC is equipped with the right/best technologies to alleviate analyst pain?
Waits: Among SOC leaders, the CISO is the bridge between the SOC and the C-suite. While most CEOs and boards are becoming increasingly security conscious, it’s up to the CISO to effectively communicate that security touches every part of the business and a SOC filled with burned-out analysts will compromise security and, in the long run, hurt the bottom line. Equipping your SOC with technology that automates and streamlines the repetitive aspects of analysts’ workflow will benefit the entire organization. The board will also need a clear understanding of security priorities, so be prepared to answer questions like, “what trends is the SOC teaching us?” “what are we learning?” “what are the types of attacks we see most often in our environment?” “what have we done to mitigate those attacks?” and “are there things that we could do with the SOC to be more proactive about trying to catch this stuff sooner?”
Security magazine: How can SOC leaders reevaluate hiring practices to help solve staffing challenges and finding the right security talent?
Waits: Given the well-established shortage of talent, the idea of who we’re hiring to work in the SOC must change. If we insist on only hiring people with a certain degree from particular universities who have specific years of experience in exact roles with certifications X, Y, and Z, we will never solve the talent problem. It’s time to start looking at the qualities of an individual that indicate skills such as the ability to move quickly, innovate, think critically, and solve problems, rather than a rigid checklist of outdated milestones. Additionally, one thing the COVID-19 pandemic has taught us is there’s no need for geographical bias when it comes to hiring the best talent. With remote working you can widen your net across the country and hire the best person for the job.