Skills shortages are only part of the talent problem facing SOCs

Skills shortages are only part of the talent problem facing SOCs

The quality of communication in the workplace has lessened in recent months due to the chaos caused by the pandemic. Richard Cassidy, Senior Director Security Strategy EMEA at Exabeam, considers some of the important foundational factors that can directly impact talent retention in today’s SOC teams and says a strong sense of community and belonging can help contribute to a staff member’s decision about remaining with an employer for the long-term.

The perennial worldwide skills shortage facing cybersecurity teams has cast a shadow on the industry in recent years, with a lack of available talent causing considerable concern. There are signs, however, that the trends may be shifting, with the 2020 CyberSecurity Workforce Study from (ISC)2 revealing that the global workforce gap had decreased from 4 million to 3.1 million – the first time its study has recorded a fall.

This is positive news, but doesn’t hide the fact that in the same study, 56% of respondents said that cybersecurity staff shortages are ‘putting their organisations at risk’. While focusing on these trends serves a vital purpose, to an extent it has taken the spotlight away from another critical influence on the effectiveness of security teams: staff retention.

For example, anecdotal accounts of staff retention rates suggest that Managed Service Security Providers (MSSPs) retain junior SOC analysts for just 12 to 18 months on average. This is far from ideal and any organisation that has experienced significant staff turnover will understand that it not only affects team culture, despite the best efforts of everyone involved, it can have a material impact on the quality and consistency of work. In the cybersecurity context, this could detract from the ability of SOCs to keep attackers at bay.

Across many cybersecurity teams, therefore, staff retention at all levels requires leadership stakeholders, from CISOs and HR professionals to C-suite leadership to re-evaluate what influences people to look for a new role or not. In doing so, there are four important foundational points that can directly impact talent retention in today’s SOC teams:

  1. Invest in effective leadership

Effective leadership can be make or break for staff retention on any team, and in cybersecurity environments, over half the respondents in Exabeam’s 2020 Cybersecurity Professionals Salary, Skills and Stress Report highlighted the need for leadership to take better care of employees to avoid burnout. Employees often place a great deal of value in working for an organisation that cares about them, particularly when that culture is led by the most senior people.

In practical terms, when leading teams through cybersecurity incidents or other uncertain times, management should be the first person the team looks to call. As a rule, CISOs and other security managers should be conscious of the stresses placed on their teams and be approachable enough to help when times might be tough. Many people will reciprocate a caring team culture with their loyalty, and the most modern organisations do whatever they can to deliver effective leadership.

  1. Embrace creativity and passion projects

While moments of downtime may be brief for security teams, it is important to plan projects that help reinvigorate their passion for the work or give the opportunity to develop new skills and experience. Don’t treat your cybersecurity team as a ‘transactional’ one. Involve them in project strategy, gain their feedback on what the business needs and listen to their ideas. This will undoubtedly promote innovation and can transform the individual contributor to an investor in the business vision.

These are some of a wide variety of factors that will influence the loyalty of security staff who know they are in demand and who have become used to moving roles themselves or have seen colleagues leave to take up new opportunities. But by creating a strong, supportive working culture that is focused on the pressures faced by people working in the security industry, while also providing opportunities for growth, employers can minimise staff turnover and more effectively meet their important responsibilities.

Gamification and skills enhancement is one of the key elements in keeping your cybersecurity teams emphatically involved in delivering on business outcomes in a passionate manner. SOC teams will always seek the opportunity to grow their skillset beyond the day-to-day service and project delivery conveyor belt; promote skills enhancement workshops, take interest and ownership in the career development of SOC teams and create an environment where they can compete against one another to foster learning, growth and ultimately, innovation.

  1. Optimise physical SOC workspace

Under normal circumstances, security teams spend a lot of time in the SOC, and with the outlook gradually shifting towards post-pandemic normality, many organisations will be finalising their long-term options. Whether remote working remains part of SOC working culture is a decision for each leadership team, but those who retain shared working environments should understand they play a role in staff retention.

For example, the design of a shared SOC space should, ideally, seek input from each member. This not only helps ensure all voices and ideas are heard, but can also result in environments that improve collaboration, while the provision of facilities such as break rooms, outdoor areas and conference rooms can do a lot to boost employee morale. 

  1. Collaborate effectively to minimise the risk of burnout

Many security professionals across the industry will be familiar with the challenge of evaluating thousands of alerts a day trying to identify actual incidents – it’s this kind of labour-intensive work that often brings with it the threat of burnout. Addressing this very real risk to staff retention has led many SOCs to invest in Machine Learning-based user and entity behaviour analytics (UEBA) to help ensure that malicious activity is not overlooked, lessen the occurrences of false positives and reduce stress by freeing up overloaded security teams.

In Exabeam’s 2020 State of the SOC report, over 60% of respondents said teamwork was the most important soft skill. Indeed, effective teamwork across security operations has been shown to streamline processes and help deliver training for new employees – always an important factor in retaining new talent. The problem is, security teams can often be siloed from the rest of company operations, whereas strengthening working relationships with IT, development and operations can help improve response times and create better cooperation even among a distributed workforce. As a result, lines of communication should be established to foster relationships between security staff and the wider organisation overall. A strong sense of community and belonging can help contribute to a decision about whether to remain with an employer over the long-term.

Browse our latest issue

Intelligent CIO Africa

View Magazine Archive