How to Foster a Productive SOC Culture

According to the 2021 Devo SOC Performance Report^TM — which is based on the results of a survey of more than 1,000 security practitioners — having an understaffed SOC or constant turnover of security talent can cripple an organization’s security posture. Let’s look at some of the root causes that can lead to these two interconnected problems.

SOC workers who are dissatisfied are one obvious cause of turnover. Another contributing factor is poor communication on the part of SOC leaders. Almost 60% of survey respondents gave low grades to leaders for how well they communicate SOC strategy to those “in the trenches.” 13% of respondents rated their bosses a 2 or lower on a 10-point scale, while the majority rated this important skill for building and managing teams at no higher than 6. This presents several challenges for SOC leaders, particularly when it comes to recruiting and, more importantly, retaining employees.

Here are three ways to help ensure positive outcomes for both SOC leaders and analysts:

1. Establishing a shared perspective on what it takes to get the job done
2. Refuting fear and interdepartmental conflicts by promoting an open-door policy
3. Prioritizing culture, collaboration and communication

In this concluding post in our blog series revisiting key findings of the 2021 SOC Performance Report, we’ll look at these approaches and the challenges they address.

The Quality, not Quantity, of Tools Matters

SOC leaders, naturally, have expectations of the analysts who work for them, particularly when they believe they have given the analysts everything they need to get the job done. However, when it comes to areas of SOC ineffectiveness, the two groups disagree on the root cause. According to the report, 65% of leaders cited “visibility into the attack surface” as being a major problem. 61% of staff, on the other hand, believe the primary factor contributing to SOC ineffectiveness, is “having too many tools.”

If SOC workers tell their bosses they don’t feel they’re set up to get the job done, leaders may respond by giving them more tools. Based on the survey results, the majority of analysts don’t believe they need more tools, they feel they need the right tools. That’s why establishing alignment between the SOC leaders and staff is critical for SOC success.

The Domino Effect

Respondents also identified other barriers to SOC success. The top two responses are “Lack of visibility into the IT security infrastructure” (64%) and “Turf or silo issues between the organization’s IT security operations and SOC.” These related topics point to internal friction that hinders SOC performance. While the need for more people, tools or other resources generally requires additional funding (or at least budget reallocation), organizational control issues can be addressed by working to create better communication and cooperation between groups. After all, both security operations and the SOC have the same goal: keeping the organization safe from cybersecurity threats.

Prioritizing Culture

The survey results also identify sizable gaps between how leaders rate SOC effectiveness compared to staff. Some of that is likely due to the nature of each group’s work and how well the SOC hits performance goals. The findings point to the two groups failing to see the complete picture of what the SOC needs to accomplish. Better communication and sharing of perspectives and goals can help leaders and analysts better understand how the other group views their shared world.

There are many additional insights to be gleaned from this survey of professionals who must deal with the challenges that exist in today’s SOCs. Read the full report to learn more.