Incident Response, Network Security, Security Operations

Build a SOC that will attract and retain talent

Today’s columnist, Richard Cassidy of Exabeam, says companies need to create a culture inside the SOC where the staff enjoys its work, respects leadership and wants to be there.

The cybersecurity skills shortage remains challenging for security teams, but that’s only part of the problem. Organizations also have to retain talent once they are brought onboard. In an age in which junior analysts only stay at a job an average of 12 to 18 months, building an effective SOC means creating an environment that skilled workers are drawn to and has career staying power. 

CISOs, HR executives and C-suite leadership all share the responsibility of building a SOC people want to join and finding the right team to staff it. The following steps can aid in solving security staffing issues:

  • Design the physical SOC appropriately. 

Under normal circumstances, security teams spend a lot of time in the SOC. Designing the location appropriately should include feedback from each and every team member. Creating an open workspace that will increase collaboration, as well as have ample lighting and access to restrooms, break rooms, outdoor areas and conference rooms can do a lot to boost employee morale.  

  • Find the right tools to decrease burnout. 

Without the proper tools, security professionals would have to comb through thousands of alerts a day trying to weed out actual incidents. Businesses must equip their SOC with the tools that will lessen burnout and make the team more efficient. Investing in machine learning-based user and entity behavior analytics (UEBA) can ensure that malicious activity does not get overlooked, lessen the occurrences of false positives and reduce stress by freeing up overloaded security teams. 

  • Hire the right leadership. 

Leadership remains the greatest problem we have in cybersecurity today. Over half of respondents in one of our recent reports pointed out the need for leadership to take better care of employees to avoid burnout. Many CISOs charged with leading a security team don’t take the time to build relationships with their staff. Employees have to believe that the organizations they work for care about them, particularly the people above them, to truly want to build their careers there. 

When appointing security managers, look for candidates who have a sense of self-awareness and candor. When leading through cybersecurity incidents or other uncertain times, management should be the first person the team looks to call. As a rule, team members should feel free to call leadership at any time, both personally and professionally. CISOs and other security managers should take calls from their staff for any reason. Look for candidates who will prioritize knowing their staff before a crisis occurs and are ready to jump in headfirst when the time comes. 

  • Foster relationships between the SOC and other departments. 

In Exabeam’s 2020 State of the SOC report, over 60 percent of respondents cited the ability to work in teams as the most important soft skill. Teamwork within the walls of security operations has been shown to streamline processes and aid in training for new employees, and that’s extremely helpful in attracting and retaining new talent. 

Security teams are often siloed from the rest of company operations, which can greatly diminish productivity and create tension between teams. Strengthening working relationships with IT, development and operations can help improve response time and create cohesiveness  even among a distributed workforce. 

Put the right communication and collaboration tools in place. Keep communication lines open to foster relationships within the security staff and to connect them with the organization overall. Developing a sense of community as an important part of company culture will let team members feel like they belong and encourage them to stay. 

  • Encourage passion projects. 

In 2019 alone, 768 million U.S. vacation days went to waste. With travel bans and quarantines in place, many individuals are opting out of taking personal time. If employees aren’t having family or friends over, and they choose to work instead of taking time off, create opportunities for them to work on projects they are passionate about. While moments of downtime are brief for security teams, have projects planned for those rare occurrences that reinvigorate their passion for the work. Having the employees themselves plan those tasks can sharpen their skills and bring a level of excitement to their day-to-day. 

Appealing to and retaining cybersecurity talent comes down to building an efficient SOC that staffers want to work in. By designing the physical SOC with input from the team, hiring the right leadership, fostering relationships between the SOC and other departments and encouraging passion projects, organizations can finally begin to close the skills gap. 

Richard Cassidy, senior director, security strategy, Exabeam 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.