Building a Healthier and More Productive SOC

Security professionals are burning out, and they often aren’t getting enough support from their higher-ups. In fact, Devo and Wakefield Research have found that 45% of IT professionals surveyed felt that their leaders haven’t proactively responded to employee burnout, and 59% wish their leaders would offer additional training, mentorship, and development. Responsibility for tackling this issue lies with InfoSec leaders and their organizations. 

A whopping 76% of respondents agree that their IT leadership would not make it through one workday dealing with the number of alerts they manage. This figure is very concerning to me as it highlights the disconnect that exists between leaders and the people who carry out such business-critical operations. Unfortunately, it’s also not surprising. The “boots on the ground” employees in many companies often feel that management doesn’t understand just how much stress they face. And it’s not just alert fatigue that contributes to burnout. Security professionals also grapple with an ongoing battle for resources, cross-collaboration challenges, and issues with prioritization that can result from a lack of commitment from the leadership team. 

Companies must create workplace cultures that prioritize employee well-being by providing access to mental health resources, offering flexible work arrangements, investing in technologies that boost productivity, and instituting stress-reduction initiatives. 

While burnout and mental health issues can’t be solved overnight, when organizations proactively adopt solutions and maintain an employee-first mindset in their decision-making, they can make strides toward a healthier, more sustainable security community. 

A combination of frequent training, mental health support, and implementation of automation technology can go a long way toward easing some of these pressures and ultimately creating a better situation for everyone. 

What you can do to prevent burnout 

It’s crucial to fully understand the stressors that SOC analysts face each day. As Peter Coroneos, founder of Cybermindz (see below), said in an interview, “People… are actually shocked to understand that these invisible workers that are protecting all of society are in such a state of fragility.”

The next step is to prioritize their mental health. One way to do this is to partner with organizations like Mental Health Hackers or Cybermindz, a not-for-profit organization focused on improving cybersecurity professionals’ mental health and well-being. They teach the evidence-based iRest protocol, which is used to treat conditions like anxiety, depression, and post-traumatic stress. 

Mental health support is essential 

Organizations must keep their environments and data secure because the stress in the SOC can be unrelenting. This can translate to job dissatisfaction and stress-induced illness. A full 85% of cybersecurity pros feel they’ll need to leave their company or role due to burnout. Some choose to leave the profession entirely.

Yet too often, IT security experts hear that they must accept the stress they are experiencing. More than 80% of workers are informed that stress and burnout are common workplace occurrences, with the majority (52%) hearing this sentiment frequently or constantly.

Automating all you can

More than half (55%) of research participants want their leaders to invest in automation tools to help reduce analyst burnout. Some valuable automation SOC use cases include:

• Identifying known threats—malicious code that has previously been observed—is one of the best uses of automation in the SOC. To successfully automate the tedious tasks involved in identifying those known threats, security teams can create playbooks. This frees up analysts’ time to concentrate on more important, higher-level work.
• Verify the seriousness of threats to ensure proper prioritization and action: Automated deployment of advanced persistent threats (APT) is a tactic used by threat actors in their never-ending attempt to compromise security. Even the best human analysts can be defeated by the torrent of attacks and distractions they automatically carry out. SOCs must deploy automation to frustrate these initiatives and level the playing field.

The SOC automation playbook is activated when analysts detect threat activity to confirm the gravity of the threat and any potential harm it’s done. Analysts would have to perform a great deal of manual work if they lacked an automation playbook, like checking firewall logs to determine whether all malicious activity had been stopped. Consequently, attackers would have more time to complete their goals. Automation will significantly reduce this advantage.

• To increase team productivity and retention, let automation augment the work of Tier-1 analysts: Automation improves the effectiveness and efficiency of the SOC while relieving analysts of monotonous, tedious duties that contribute to burnout. By automating those repetitive operations, analysts can concentrate on the threats that are most important to their organization.

Automation can help junior analysts advance their careers. Tier-1 analysts have more time for training and development when routine jobs are automated. They can work with knowledgeable co-workers on the crucial task of locating and neutralizing the most serious threats. Organizations get a group of analysts with superior training and experience who are also happier in their jobs. As a result, they are more inclined to stick with the company for the long run since they feel important to its success.

Aim for ongoing, consistent training

Training SOC team members is vital to enhancing their skills and motivation, which helps to reduce stress and encourage retention. Some appropriate training options that SOC professionals might find beneficial and interesting include threat intelligence analysis, machine learning and AI, security certifications, soft skills training, and Red and Blue Teaming Exercises. Vendor-specific training should be built into contracts with vendors as well, so that teams know to effectively use the tools they purchase. 

To make these training and awareness programs exciting and engaging, consider incorporating gamification, capture the flag (CTF) challenges, and real-world scenarios. Customization is also important; tailoring training programs to meet the specific needs and interests of your SOC professionals will boost engagement and help with job satisfaction. When people feel informed and invested in – and they can effectively use their tools to offset job stress – this can go a long way toward helping the burnout challenge. 

Provide opportunities for your SOC team members to get away from their desks and attend conferences, workshops, and webinars. Having these interactions and experiences is vital to keeping up with the latest cybersecurity trends and technologies. Connecting with peers allows for additional burnout prevention tactics.

Less burnout, more job satisfaction and increased productivity  

Cybersecurity is a critical function for organizations today, requiring SOC analysts to perform at the top of their game. Yet the always-on nature of this work often leads to burnout and mental health struggles. IT leaders must create a culture where it’s safe to talk about these struggles. Analysts need the resources to help overcome them, including ongoing training, mental health assistance, and the automation technology that lightens their load. Dive deeper into the current burnout situation in cybersecurity by reading the full Wakefield Research study.