Building a strong SOC starts with people

I manage a Security Operations Center (SOC) in the midst of the Great Resignation and a huge cybersecurity skills gap. In that time, I have learned a few surprising things about how to recruit and maintain a cohesive SOC team.

A 2021 Devo study of more than 1,000 cybersecurity professionals found that working in a SOC has unique pain points, including the amount of information to process and the strain inherent in the job. Alert fatigue also contributes to this pain.

I’ve found that retaining SOC staff and keeping them engaged starts with a SOC’s most important asset: its people. A people-centric approach not only helps reduce fatigue and burnout, but it also empowers employees to seek opportunities for their own development, which greatly contributes to retention. Here are three ways I rely on to support my SOC colleagues.

Give and receive regular feedback

Actionable feedback, both given and received, is something people naturally desire. When done proactively, the team gains a clear understanding of its performance while building trust with its leaders. Even if everything is going well, it is imperative to let your colleagues know what they excel at. This positive reinforcement often has more impact than letting them know when something needs improvement.

I have an open-door policy with my team, which allows for a consistent feedback loop. If I need to do more for my team, I expect them to tell me where I can improve. On the other hand, hearing if something is going well helps me better calibrate my leadership style for my team.

I also encourage others to find departments within their company that will provide 180-degree feedback. It’s vital for me as a leader and employee, as it allows me to check my own blind spots. As a leader, you should want to discover areas where you can grow and better support your team.

Rotation of tasks and responsibilities

On my team, I alternate everyone between alert management, self-paced training, and project work. This not only gives each team member a window into different aspects of the SOC and a job to grow in, but it also takes some of the monotony and stress out of the job.

For example, if you have to come to work every day and constantly worry about urgent tickets and customer requests, you will feel anxious and like you constantly have to solve other people’s problems. These feelings contribute powerfully to burnout. Additionally, finding ways to automate regular tasks will reduce the stress and load placed on the team so they can focus on more strategic work.

Promote interactions across the company

It can be easy to get lost looking at every tree in the SOC, when you should be focusing on the corporate forest instead. That’s why I encourage my team to take a step back and realize how much their work helps the company and the community.

I do this by coordinating opportunities for my team to work with people outside of their field, such as in sales or marketing, so everyone understands the product and overall goals. Additionally, helping others outside of your team and even your company helps you understand the value you bring and where others can benefit from your team’s support and expertise.

I encourage my team to complete a quarterly “Do Good” project, which focuses on the needs of the business and the wider security community. For example, how can we work together to educate others about bad actors and mitigate the threats they pose? In April, the SOC team identified and validated IP addresses that were used for attacks at several of our customers. Once they were identified, we made sure they were publicly available so others could leverage our knowledge to block attackers.

Doing projects like these reminds the team how critical their work is and unites us around a common goal.

The key differentiator: how people are treated

How leaders treat their employees is a key differentiator in today’s job market, especially as many organizations seek creative ways to address the ongoing shortage of cybersecurity talent. It goes without saying that employers should also look to train employees rather than expecting candidates for an entry-level position to have 30 years of experience and a CISSP certificate.

When I hire, I look for a solid foundation and a proven self-starter, as well as the potential – and desire – to grow, rather than previous experience. It’s always rewarding to give deserving people a chance and see them thrive.

Plus, having your team go through self-paced training and educational opportunities allows each person to work on skills and techniques that will only help the business down the line. Fostering that growth is just good business.

While there is certainly no one-size-fits-all approach to people management, as every person, SOC and business is different, keeping your people at the heart of everything will never go out of style. The stronger your employees, the better off your SOC and your organization as a whole will be.
