CISO Leadership Panel: Tips on Hiring and Keeping SOC Talent


Due to economic pressures, staffing reductions, and lack of available talent, CISOs today are facing extreme pressure to do more with less. And retaining your best employees during tough times is becoming a major challenge across industries.

Research at Devo shows SOC analysts are feeling stressed over too much work and not enough resources. In fact, more than 71% of SOC professionals we surveyed said they’re likely to quit their job because of information overload and lack of tools.

Why the discontent? Alert fatigue is a sore spot for SOC analysts. The data sources they must collect and analyze to thwart cybercrime now include transaction systems, mobile devices, IoT devices, and the list goes on, and the sheer volume of alerts those sources generate keeps growing.

To make matters worse, the SOC analyst pool today is limited, and the competition for talent is tougher than ever. In fact, the average time to fill a SOC position can be as long as 7 months.

Devo’s CISO Kayla Williams recently addressed these hiring and retention issues on a panel with security leaders from FanDuel, Accenture Financial Services, and H&R Block. The group identified several steps you can take in this new competition for talent, including:

Respect Work and Life Balance: Take an employee’s life challenges into account when you build hiring and retention strategies. For example, expecting staff to check in or be on call while they’re off isn’t fair and will lead to resentment. Everyone needs a break from work, so make sure high-level performers take time off as well. Other benefits such as PTO, flexible work hours, and mental health services will set your organization apart and attract new employees.

Build Skills In-House: Invest in advancing the skills and career trajectory of your analysts. This rewards the current staff for their contributions and provides a more enticing environment for hiring new candidates. For example, CISOs can tap into a larger talent pool if they relax job requirements and instead build cyber skills internally by providing education, training, and certification support for employees.

Hire Outside the Box: College degrees and several years of experience simply aren’t necessary for success for many cybersecurity positions today. To fill open spots, consider hiring veterans, new graduates, and people transitioning from other careers who have an interest and passion for cybersecurity.

Turn to Automation: Are you using automation and intelligence to offload work that can be done more effectively by machines than by humans? Tools are now available that can take on some of the more tedious, exhausting areas of SOC work. By applying analytics, your SOC analysts can devote more energy to investigating substantial threat incidents, reducing the probability of successful attacks and boosting productivity. Automation eliminates the manual rinse-and-repeat work of spotting and triaging thousands of alerts, which often leads to analyst burnout and wasted resources.

You can listen to the full CISO webinar and hear first-hand how focusing on tactics, techniques and tools can alleviate stress and provide better support for SOC workers.

Frequently Asked Questions

What specific automation tools and technologies can be implemented to reduce alert fatigue and enhance the efficiency of SOC analysts?

Security Information and Event Management (SIEM) Systems: These tools can aggregate and analyze log data in real-time, helping to identify and prioritize security incidents.

Security Orchestration, Automation, and Response (SOAR) Solutions: These tools can automate incident response workflows, reducing the manual effort required to handle alerts.

User and Entity Behavior Analytics (UEBA): These solutions use machine learning to identify anomalous behaviors that may indicate security threats, thereby reducing false positives and alert fatigue.

Endpoint Detection and Response (EDR): These tools provide automated detection and response capabilities at the endpoint level, helping to mitigate threats quickly.

Threat Intelligence Platforms (TIPs): Integrating TIPs with existing security tools can help enrich alert data with context, making it easier for analysts to prioritize and respond to the most serious threats.
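To make the automation point above concrete (the "rinse-and-repeat" triage work and the SIEM/SOAR/TIP roles just listed), here is a small added example of the first stage such tooling performs: collapsing repeated firings of the same rule into one work item, enriching each item with threat-intelligence context, and ranking the result so an analyst opens the queue at the most important entry. This is illustrative code written for this page, not Devo's product or any vendor's API; the alerts and the indicator list are constructed sample data, and the scoring weights are arbitrary assumptions chosen to show the mechanism.

```python
from collections import OrderedDict
from typing import Dict, List

# Constructed sample alerts (not real telemetry). The same rule firing
# repeatedly for the same source/host is exactly the noise that causes fatigue.
RAW_ALERTS = [
    {"ts": "2024-05-01T08:00:01Z", "rule": "ssh-bruteforce", "src": "203.0.113.7", "host": "bastion-1", "severity": "medium"},
    {"ts": "2024-05-01T08:00:05Z", "rule": "ssh-bruteforce", "src": "203.0.113.7", "host": "bastion-1", "severity": "medium"},
    {"ts": "2024-05-01T08:00:09Z", "rule": "ssh-bruteforce", "src": "203.0.113.7", "host": "bastion-1", "severity": "medium"},
    {"ts": "2024-05-01T08:01:30Z", "rule": "ssh-bruteforce", "src": "203.0.113.7", "host": "bastion-1", "severity": "medium"},
    {"ts": "2024-05-01T08:02:00Z", "rule": "new-admin-account", "src": "198.51.100.20", "host": "dc-1", "severity": "high"},
    {"ts": "2024-05-01T08:03:00Z", "rule": "dns-txt-query-burst", "src": "198.51.100.44", "host": "ws-17", "severity": "low"},
    {"ts": "2024-05-01T08:03:02Z", "rule": "dns-txt-query-burst", "src": "198.51.100.44", "host": "ws-17", "severity": "low"},
]

# Constructed threat-intel context standing in for a TIP export (hypothetical
# labels and confidence values, keyed by source address).
THREAT_INTEL = {
    "203.0.113.7": {"label": "known-scanner", "confidence": 60},
    "198.51.100.44": {"label": "suspected-c2", "confidence": 85},
}

# Assumed base weights per severity; real deployments tune these.
SEVERITY_SCORE = {"low": 10, "medium": 40, "high": 70, "critical": 90}


def dedupe(alerts: List[dict]) -> List[dict]:
    """Collapse repeated firings of one rule for one source/host pair into a
    single work item carrying a hit count and a first/last-seen window."""
    groups: "OrderedDict[tuple, dict]" = OrderedDict()
    for a in alerts:
        key = (a["rule"], a["src"], a["host"])
        g = groups.get(key)
        if g is None:
            groups[key] = {**a, "count": 1, "first_seen": a["ts"], "last_seen": a["ts"]}
        else:
            g["count"] += 1
            # ISO-8601 UTC strings of equal format compare correctly as text.
            g["first_seen"] = min(g["first_seen"], a["ts"])
            g["last_seen"] = max(g["last_seen"], a["ts"])
    for g in groups.values():
        g.pop("ts", None)
    return list(groups.values())


def enrich(group: dict, intel: Dict[str, dict]) -> dict:
    """Attach threat-intel label and confidence for the group's source, if any."""
    ctx = intel.get(group["src"])
    group["intel"] = ctx["label"] if ctx else None
    group["intel_confidence"] = ctx["confidence"] if ctx else 0
    return group


def score(group: dict) -> int:
    """Rank by severity, then by volume (capped so floods cannot dominate),
    then by intel confidence. Weights are assumptions for illustration."""
    base = SEVERITY_SCORE[group["severity"]]
    volume = min(group["count"] - 1, 10) * 2
    intel = group["intel_confidence"] // 3
    return base + volume + intel


def triage(alerts: List[dict], intel: Dict[str, dict]) -> List[dict]:
    """Full pipeline: dedupe -> enrich -> score -> sort, highest priority first."""
    work = [enrich(g, intel) for g in dedupe(alerts)]
    for g in work:
        g["score"] = score(g)
    return sorted(work, key=lambda g: g["score"], reverse=True)


if __name__ == "__main__":
    queue = triage(RAW_ALERTS, THREAT_INTEL)
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(queue)} work items")
    for g in queue:
        print(f"[{g['score']:>3}] {g['rule']:<22} {g['src']:<15} {g['host']:<10} "
              f"x{g['count']} intel={g['intel']}")
```

On the sample data, seven raw alerts become three work items, and the single high-severity account-creation alert lands above the four-hit brute-force group, which is the outcome a human triager would want. The volume cap in score() is the detail worth keeping: without it, a noisy scanner would outrank a quiet but serious event, which is the opposite of reducing fatigue.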

Structured Training Programs: Implement comprehensive training programs that cover fundamental cybersecurity concepts, tools, and practices. Organizations like SANS Institute and (ISC)² offer various courses and certifications.

On-the-Job Training: Pair less experienced employees with seasoned cybersecurity professionals to provide hands-on training and mentorship. This can accelerate skill development and practical knowledge.

Certifications and Continuous Education: Support employees in obtaining relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH). Offering reimbursement for certification exams can incentivize further learning.

Internal Workshops and Hackathons: Regularly organize workshops, hackathons, and simulations to provide practical experiences and encourage continuous learning and innovation within the team.

Cross-Functional Rotations: Allow employees to rotate through different roles within the IT and security departments to gain a broader understanding of cybersecurity from various perspectives.

Shift Scheduling: Implement a shift-based system to ensure 24/7 coverage without overburdening any single analyst. Ensure shifts are reasonable and provide adequate rest periods between shifts.

Flexible Work Hours: Offer flexible work hours or remote work options to help analysts manage personal commitments alongside their professional responsibilities.

Employee Wellness Programs: Invest in mental health resources, such as access to counseling services and stress management programs. Encourage regular breaks and time off to prevent burnout.

Automate Routine Tasks: As previously mentioned, using automation tools to handle repetitive and mundane tasks can significantly reduce the workload on SOC analysts, allowing them to focus on more critical and engaging activities.

Clear Policies on Off-Hours Availability: Establish clear policies that respect employees’ time off. Avoid requiring analysts to check emails or be on call outside of their scheduled working hours unless absolutely necessary, and ensure that emergency on-call duties are fairly distributed.

Recognition and Rewards: Acknowledge and reward the hard work and contributions of SOC analysts. Regular recognition can boost morale and job satisfaction, helping to retain top talent.
