Your security operations center (SOC) team is the heart of your operations center’s success. In our recent white paper, we shared practical tips to improve the efficiency of your SOC, including ways to optimize processes and workflows, streamline communications, and implement technology to help you scale. But there is another—arguably more significant—challenge facing SOCs today: the overall mental health of your team. While often thought of as a softer, more nuanced topic, it may play an even greater role in the long-term success and efficacy of your security operations organization than any other issue.
According to a recent “Voice of the SOC Analyst” report by Tines, over 60% of SOC analysts plan to change jobs in the next year, likely due to challenging working conditions in which:
- 71% of analysts experienced some level of burnout
- 69% of the SOCs they spoke to were understaffed
- 64% spend over half their time on tedious manual tasks
- 66% believe half their tasks could be automated
- 60% saw increased workloads in the last year
What has led to this work environment? The increasing and relentless pace at which cyber criminals evolve has led many organizations to implement a never-ending vulnerability/patch loop that leaves analysts questioning whether they are really making a difference—and whether they should even care. Combined with the fact that security work inherently involves repetitive, manual tasks, and that the industry is facing chronic talent shortages, SOC teams are experiencing increasing levels of burnout, apathy, and human error.
At SafeBreach’s inaugural Validate summit, SOC analyst attendees echoed these struggles during an open-dialogue session with David Spark, producer, managing editor, and co-host of the CISO Series. SOC analysts shared the challenge of the increasing scope of their responsibilities, lack of support, and inability to communicate with leadership. Based on this conversation, we’ve developed seven tips to help you create a more open, collaborative, and supportive work environment to boost satisfaction, enhance retention, and, hopefully, avoid the “Great Resignation” facing many SOCs today.
Addressing SOC Team Challenges
1. Automate tedious tasks. Identify ways to automate workflows and alerts and ensure existing tools work in harmony to minimize the tedious manual work for analysts. Breach and attack simulation (BAS) has proven to be a valuable tool for many organizations because of its ability to automate the safe execution of real-world attacks, prioritize remediation efforts, simplify reporting, and integrate with other downstream tools (e.g., SIEM, SOAR, workflow management), freeing up analysts to triage and investigate higher priority (and often more interesting) events that automation cannot account for.
2. Provide opportunities for team feedback. Provide consistent and open opportunities for SOC team members to voice concerns and make suggestions for improvement. Then, consistently show progress on the changes your team has requested—this goes a long way in making your team feel heard and validated, even if working conditions aren’t fixed overnight.
3. Understand what truly motivates your team. By identifying what your SOC team members actually care about, you can create a strategy to connect with analysts and show appreciation. Keep in mind that money is not always the highest motivator. Something as simple as creating a competitive or interactive approach to training, such as a pizza party war game or a challenge to “beat” an attack simulation, can drastically improve overall morale.
4. Make the team feel connected to the mission. Show the value the team brings to the security mission of the organization, as well as the mission of the entire organization. Ensure you take the time as a leader to give credit where credit is due and prioritize your team’s understanding of how their work actually makes a difference.
5. Give the team the tools they need to be successful. Again, this requires asking your team for input and truly listening to the needs they express. While your budget may be tight, look for ways to introduce a new technology like BAS or upgrade an existing technology to include automation, which can dramatically improve an analyst’s work environment.
6. Minimize repetitiveness in roles and responsibilities. Keep things fresh for your SOC analysts and give them the opportunity to do new tasks. For example, have your red and blue teams work together or give them the opportunity to switch roles for a day. Not only will this keep things interesting, but it will also bring a new perspective to the team’s daily approach.
7. Ensure top-down appreciation and visibility. Leadership engagement goes a long way in ensuring your SOC analysts feel appreciated. Leadership can also do small things, like give public shout-outs to the team or specific analysts, drop by with treats, or send care packages to show appreciation. And ensuring leadership checks in regularly gives analysts the opportunity to communicate up the chain and feel heard.
Retain Top Talent & Enhance Cyber Resilience
While there are a number of challenges facing SOCs today, it’s important for leaders to carefully consider the mental and emotional load team members face on a daily basis. Taking active steps to give team members an opportunity to feel heard, have access to the tools and technology they need, and see positive progress can go a long way in demonstrating that you value your team and are willing to do your part in addressing the challenges they face. In the short term, this strategy should help you ride out the wave of the Great Resignation and enhance the efficiency of your SOC. In the long term, it can increase your organization’s ability to attract and retain top talent and enhance its overall resilience.