With security analysts acting as the front line of cyber security defense, it’s paramount to maintain vigilance and team morale. So how can you ensure continuous development and retention of your Security Operations Center (SOC) personnel in an industry battling alert fatigue and employee burnout?
An in-depth conversation with Maayan Cohen-Haziz, our Israel Site Manager and Global Director of Human Resources, and Hen Porcilan, Senior SOC Analyst at CyberProof, sheds some light on techniques that managers can use to help keep a SOC team motivated and fulfilled in their work. Here are 10 ways that they mention:
- Invest in training
- Support remote work
- Create more “water cooler” moments
- Empower mid-level management
- Design a buddy program
- Give new team members a proper welcome
- Foster a professional interest in the industry
- Design a more comfortable office environment
- Create a feeling of belonging
- Encourage personal growth
Let’s have a closer look.
1. Invest in Training
“Working in a SOC, there’s constant pressure, 24/7,” said Hen. “SOC employees are dealing with the latest trends and attacks - shouldering the ongoing responsibility of responding in the right way. It can wear the analysts out. To break out of that, it’s important to encourage the SOC team to study new skills. There is always the feeling that we need to know more, learn more. Cyber security professionals want to gain greater knowledge of various technical and professional disciplines; industry certifications such as Microsoft certifications, for example, are very important. Another area that’s critical is the ability to provide professional presentations – an area that today, more than ever before, all security professionals must excel in.”
2. Support Remote Work
Relating to some of the changes that were wrought by COVID-19, Maayan said, “Take initiatives to see how you can assist employees in their work from home. Some examples of what you can offer include: lectures on creating an ergonomically healthy workspace; memberships to online or in-person exercise classes; purchasing equipment for employees to use at home; and providing take-out meal options, even for employees working at home. In addition, train all levels of management to recognize mental health issues. These are all things that strengthen the relationship between SOC analysts and their managers.”
3. Create More “Water Cooler” Moments
Hen talked about the importance of developing the right style of management and explained that, in his experience, “Management style makes a huge difference to the experience of cyber security professionals. Some managers keep to a formal framework of 6-month feedback schedules. But in addition to this type of structure, there should be opportunities for informal feedback. Time with the managers over coffee or in the hallway creates open communication channels that really help analysts deal with the ongoing pressure. They create a feeling that the manager is fully aware of the issues and is invested in providing each analyst with their professional guidance and support.”
4. Empower Mid-Level Management
Talking about management styles from her own perspective, Maayan pointed out that, “For those with larger teams, empowering your mid-level managers can make a big difference. Provide them with training courses – for example, in performance management, time management, interview skills, etc. What’s crucial is to avoid being a micromanager. It’s more effective if you can view your role more as that of an active coach – giving mid-level managers the “big picture” information so that they, in turn, can provide support to their team leads.”
5. Design a Buddy Program
According to Hen, the more senior members of a SOC team have a responsibility to help out the junior members of staff. “I see that, with the new people on my team, we really need to reach out and provide assistance – more so, if it’s a time when we’re working remotely because of COVID. As a newcomer, it isn’t always easy to ask questions openly, particularly when you’re working at home. The onboarding takes longer with remote work as new team members learn the team culture and establish their value in the team.” SOC leaders should encourage the senior members of the team to take on this key “Buddy” role in training and nurturing the newbies.
6. Give New Team Members a Proper Welcome
Talking specifically to SOC managers, Maayan emphasized that when it comes to onboarding, you need to do it right from Day One. “The most important thing with onboarding is to take ownership and to be there,” she said. “Onboarding should be in person, if possible. Where people are working from home, I recommend a more in-depth onboarding program – but it’s best to do it in person, at the office. Beyond sharing technical information during the onboarding, it’s an opportunity to convey the company’s values, integrity, and teamwork. Being new at a company is like the first day of school – or like being in a new country where you don’t know the culture or language. The first three days are the most important; the first two weeks continue to be highly significant. If a physical office environment is lacking due to COVID, it requires creativity to find ways to reach people effectively.”
7. Foster a Professional Interest in the Industry
Reflecting on his own journey in cyber security, Hen shared, “I find it’s significant if you can encourage your analysts to develop a connection and love of the profession. As the cyber security industry develops continuously, there are new trends and new attacks that evolve all the time. Read the news and stay updated about what’s going on. It’s also important to encourage the team to work on developing new solutions, by allocating both time and money for this type of innovation. These are the things that keep an analyst engaged.”
8. Design a More Comfortable Office Environment
From a human resources angle, Maayan said that “One of the results of COVID was that hybrid is now the norm. This wasn’t the case before, but SOC analysts now expect to choose whether they want to work partly from home, and to determine how frequently they will be coming into the office.”
As we move out of COVID, she added, “It’s important that there be appealing workspaces available for security professionals – an attractive in-office SOC environment. We want to continue to encourage people to come to the office, because the face-to-face interactions, the collaboration – it’s as important as ever. There are more opportunities to exchange ideas and brainstorm with other SOC analysts when everyone is in the office.”
9. Create a Feeling of Belonging
At the end of the day, SOC analysts want to have a good feeling about their place of employment, and Hen enumerated several ways to accomplish this. “Beyond the work,” he said, “you want the company to demonstrate that they are living their values, which creates a good feeling, a personal connection. In addition, you want people to feel part of the company journey – to know that as the company moves forward, so will they.” He added, “I know that at CyberProof, I have opportunities to impact the development of the product and its features. This is one of my responsibilities, and this kind of involvement makes a big difference.”
Hen also pointed out that, “Perhaps it goes without saying that people need to be happy with the terms of their employment. SOC analysts are regularly being headhunted – so, managers need to make sure their team members are happy with the conditions they receive at the SOC. Managers also need to make sure their team members are comfortable enough to have honest, authentic discussions with them about the problems that arise. You can’t forget that there’s always the temptation to move on, even if this is not a rational decision.”
10. Encourage Personal Growth
Maayan said that, as a manager herself, she frequently draws inspiration from Alice in Wonderland’s famed Cheshire cat. “’If you don’t know where you want to go, then it doesn’t matter which path you take’ – that’s what the Cheshire cat says.” She explained further, “As managers, we can help SOC analysts develop a path, figure out where they are headed. Having the path itself makes a huge difference. Each SOC analyst needs first to create a vision or roadmap, and then work toward it.”
Maayan continued, “As managers, we want to provide support in this process: Divide the vision itself into smaller, smarter KPIs. In other words, help people establish goals that are S.M.A.R.T. – Specific, Measurable, Achievable, Realistic, and Timely. Doing this requires having 1-on-1 meetings with team members on a regular basis – something that’s always important but is particularly crucial when people are working from home. Get to know your team and understand what motivates each of them. Encourage each person to grow and, where possible – depending on the size and structure of the organization – encourage them to move into new and different positions, so they continue to learn.”
Conclusion: For Cyber Security Leaders, Attracting and Retaining Talent Requires Hard Work
The talent gap in the cyber security industry is growing, as the number of unfilled jobs continues to increase. There’s a limited pool of cyber professionals, and it’s not easy to keep them on board.
Experience shows that SOC leaders who invest thought, time, and resources in the well-being and personal development of each SOC analyst can effectively reduce burnout and improve retention. While it’s clear that the talent gap is here to stay, there is much that can be done to strengthen your team and create a more robust organization.