In my previous job, I worked night and day as an analyst in a Security Operations Centre (SOC). In order to protect our environment, my small team of analysts was tasked with sifting through hundreds of alerts each day, analysing logs from various tools, blocking on indicators of compromise (IOCs), neutralizing confirmed threats on a hybrid network littered with unpatched personal endpoints, dealing with shadow IT, tracking daily threat metrics… And there’s a long list of other things, too. The word “overwhelmed” is a massive understatement.

Overworked and underappreciated security analysts can be found in all SOCs, regardless of their specific tasks and maturity levels. As threats and attacks continue to rise, it’s becoming a cross-sector riddle. 96% of the analysts asked indicated they felt substantial personal damage following cybersecurity breaches, while more than a third of respondents reported feeling sadness or losing sleep, according to a Palo Alto Networks-commissioned study. 

Security analysts’ health and well-being statistics aren’t limited to that. This anthropological study reveals that modern analysts become disillusioned for a variety of reasons, including encounters and daily problems. 

There isn’t much we can do to combat an ever-evolving landscape of cyber threats and digital fraudsters short of a technological miracle. It’s possible to improve the quality of life for front-line infosec soldiers, however. Morale and culture in an industry established on binary systems must be examined if we want analysts who will brave the computerized war. 

5 strategies to empower your analysts and improve security posture

  1. Train on core tools 

  2. Stimulate growth

There is nothing worse than feeling as if you are on a never-ending journey to nowhere. The quickest way to lose valuable, hard-to-find talent is to neglect them. As a CISO or SOC manager you have a lot on your plate, and that is understood. It’s worth it, however, to set aside a few minutes each week to check in with analysts and show them that you’re paying attention. Let them know you’re there—celebrate wins and offer advice! A little leadership hype goes a long way toward preventing burnout.

Additionally, give your analysts the freedom to focus on technical areas that interest them. If you use Kerberos authentication in your environment and an analyst shows interest, pen-testing training on Kerberoasting is a good idea. Aside from the possibility of that analyst becoming an SME, their newly acquired abilities will benefit the organization.

A Lunch and Learn or a team training session is a great way for security analysts to spread the word about their expertise. Investing in an analyst’s education and training is an investment in the entire team. To achieve higher operational maturity and an army of analysts ready for promotion, a pipeline for growth must be established, regardless of whether it comes from a vendor or a peer group. 

  3. No quotas

The quality of the work, not the quantity, should be the metric used. To gauge the overall effectiveness of a security operations centre (SOC), individual performance measures such as the severity of work handled, time spent on alarms, and activities performed are useless. A devil-take-the-hindmost situation arises when individual quotas prevent thorough investigation, and that can lead to poor handling of an incident.

Metrics can be tracked at a macro level to measure team performance, and it’s quite acceptable to do so. Unlike analyst-specific quotas, which emphasize speed above all else, team-level data can help you identify knowledge gaps, process inefficiencies, and tool deficiencies. If your team’s mean time-to-containment (MTTC) consistently exceeded four hours per incident, that would be an area to investigate. Ultimately, shifting the focus from individual to organizational performance lets analysts take a breather in a high-stress, high-performance atmosphere.
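As an added example (not from the original article), the team-level MTTC check described above, computed over constructed incident records and grouped by ISO week so that a consistently exceeded four-hour threshold stands out. The record layout, the `contained: None` convention for open incidents and the function names are assumptions:

```python
"""Team-level mean time-to-containment (MTTC) from incident records (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample records: ISO 8601 detection / containment timestamps.
# An incident that is still open has "contained": None and is excluded from the metric.
INCIDENTS = [
    {"id": "INC-1", "detected": "2024-03-04T08:00:00", "contained": "2024-03-04T10:30:00"},
    {"id": "INC-2", "detected": "2024-03-05T14:00:00", "contained": "2024-03-05T17:00:00"},
    {"id": "INC-3", "detected": "2024-03-12T09:00:00", "contained": "2024-03-12T15:30:00"},
    {"id": "INC-4", "detected": "2024-03-13T22:00:00", "contained": "2024-03-14T03:00:00"},
    {"id": "INC-5", "detected": "2024-03-19T10:00:00", "contained": "2024-03-19T14:30:00"},
    {"id": "INC-6", "detected": "2024-03-20T01:00:00", "contained": "2024-03-20T04:00:00"},
    {"id": "INC-7", "detected": "2024-03-21T16:00:00", "contained": None},  # still open
]


def containment_hours(incident):
    """Hours from detection to containment, or None if the incident is still open."""
    if incident["contained"] is None:
        return None
    delta = datetime.fromisoformat(incident["contained"]) - datetime.fromisoformat(incident["detected"])
    return delta.total_seconds() / 3600.0


def team_mttc_hours(incidents):
    """Team-wide mean containment time over all closed incidents (no per-analyst split)."""
    closed = [containment_hours(i) for i in incidents if i["contained"] is not None]
    return mean(closed) if closed else None


def weekly_mttc(incidents):
    """Mean containment time per ISO week of detection, keyed like '2024-W10'."""
    buckets = defaultdict(list)
    for inc in incidents:
        hours = containment_hours(inc)
        if hours is None:
            continue
        year, week, _ = datetime.fromisoformat(inc["detected"]).isocalendar()
        buckets[f"{year}-W{week:02d}"].append(hours)
    return {week: mean(values) for week, values in buckets.items()}


def weeks_over_threshold(incidents, threshold_hours=4.0):
    """Weeks whose team MTTC exceeded the threshold; these are the process gaps to investigate."""
    return sorted(week for week, m in weekly_mttc(incidents).items() if m > threshold_hours)


if __name__ == "__main__":
    print(f"team MTTC: {team_mttc_hours(INCIDENTS):.2f} h")
    print("weeks over 4 h:", weeks_over_threshold(INCIDENTS))
```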

  4. Work-life balance

SOCs’ “always-on” mentality is hurting operational efficiency and, as previously said, the physical and emotional health of security analysts all around the world. Humans require rest, whereas tools do not. Strive for a healthy work/life balance by establishing a company culture that values both. Two minutes of lost productivity are incurred for every minute of off-hours work by an analyst. That all adds up. Analysts who are overworked are less productive; that is simply human nature. Encourage employees to take time off and set an example by doing it yourself.

If you implicitly expect analysts to work extra hours, hire more analysts or consider an alternative work pattern, such as four 10-hour shifts or three 12-hour shifts (state labour laws apply here, so do your research). Stagnation and low morale can be combated by rotating schedules at least every two years. Finally, make provisions for analysts working remotely in the future. Since we were all forced to work from home with no time to prepare, the security business has shown that a remote workforce can flourish. Consider how much more productive and innovative your team could be if they had access to the same tools and support as security teams had in the face of a worldwide pandemic.

  5. Automate

Analysts must deal with tedious chores such as creating tickets, blocking IOCs or commencing customer outreach. To add insult to injury, the process of writing up these little events was an unpleasant experience. Every minute spent on these menial activities was a minute taken away from monitoring the network.

The importance of recording and documentation cannot be overstated; no one disputes that. However, if you want to get the most out of your human resources, focus on tasks that necessitate in-depth analysis and complicated problem-solving. Reliability and operational efficiency can both be improved by automation that is as simple as scripting or using APIs, while at the same time freeing up human resources for more important tasks. Look at your day-to-day duties and see if you can automate any of them. 

Final Words 

I’ve seen the good, the terrible, and the ugly throughout my time as a SOC analyst and a SOC leader. More times than I care to confess, I’ve witnessed folks crumble under the weight of it all. In addition, I’ve experienced these individuals’ humanity, resiliency, and technical prowess. Logs would be ignored, threats would go unreported, and network security would be in jeopardy without the expertise of analysts. As a result, join others who are keeping watch and rise. Be a role model for a new generation of cyber leaders and protectors. Even a little selflessness may go a long way, especially when it’s done for the greater good of the community. 
