4 Reasons Why SOC Superstars Quit

Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.

Edy Almer, VP Product, Cyberbit

July 10, 2019

4 Min Read
Dark Reading logo in a gray background | Dark Reading

Finding and hiring talented cybersecurity analysts is difficult enough. Keeping them on board after they're trained and acclimated to your organization's IT infrastructure and operations is an even bigger challenge. If high-performing security operations center (SOC) staff are unhappy or unfulfilled, they'll move on, and they have plenty of options.

According to ESG and ISSA's "The Life and Times of Cybersecurity Professionals 2018" (registration required), 44% of survey respondents were solicited by recruiters at least once a week and 76% were solicited at least once a month. My job keeps me in front of SOC staff, their managers, and (usually) up the org chart to the CISO. So, when someone leaves, I hear multiple perspectives on why so many analysts job-hop. Here's what drives them out the door:

1. No Room for Growth
The problem with managing smart, ambitious people is that they are smart and ambitious. The best cybersecurity analysts are highly intelligent and fast learners, and they love a good challenge. Unfortunately, the day-to-day operations of your SOC can get monotonous. Over time, this can leave your best people unsatisfied. Managers who balance the mundane aspects of the job with more strategic projects are much more likely to keep SOC staff engaged. You should also look for ways to reward and advance your highest-performing team members.

2. Burnout and Alert Fatigue
Your best analysts can fly through a mile-high stack of alerts at breakneck speed and never miss a thing. And how do you reward them? With more work. On the one hand, it's perfectly fair. You hired them for their expertise, efficiency, and ability to perform under pressure. But you also need to be aware of burnout and alert fatigue. Too many alerts create a particularly pernicious type of stress that occurs when a person has no control over the pace of incoming work — work that literally never ends. If an analyst feels she or he is stuck on a hamster wheel, they are unlikely to stay.

3. Lack of Executive Support and Engagement
It is difficult for analysts to remain motivated when they feel like the powers that be don't have their back. That support can take many forms, but one very clear indicator that security isn't a business imperative is if the organization fails to provide critical tools analysts need to do their daily work. Modern networks are way too complex for analysts to do their jobs without sophisticated tools. Don't set them up for failure. Make sure cybersecurity is a valued and part of your corporate culture — a culture that will motivate your best team members to stick around.

4. Money
Yes, money matters. Financial compensation plays a big role when analysts look for new opportunities. With zero percent unemployment and a growing skills shortage, upward pressure on salaries will continue for the foreseeable future; there's no way around this one. Keep up to date on salary and compensation trends and make sure you are competitive.

5. Not Enough Professional Development/Skills Training
Roughly 96% of the 267 cybersecurity professionals responding to the survey believe that organizations face a significant disadvantage against cyber adversaries if they don't keep up with their skills, and 66% say that keeping up with their skills is difficult to do because of the demands of a cybersecurity career. This conundrum is pervasive, but don't let training get pushed aside due to the grueling pressure and demands of a SOC. Budget and schedule training sessions as "non-negotiable" and get creative and fun about new ways to challenge team members and develop their skills. Ask any analyst. They will tell you that training keeps them engaged, challenged, and happy.

Next time the industry is aflutter about the latest attack strategy, give your team members a chance to jump in and learn to defend against it. Put their response skills to the test in as realistic a setting as possible. It will get their blood pumping and give them the pride and confidence of knowing that they are ready to face dangerous and capable attackers. Capture the Flag is a Black Hat tradition for a reason — competitions are essentially team trainings that bring people together and provide participants with a forum to practice and show off their skills.

Analysts know they are a hot commodity, in the enviable position of writing their own ticket. If you want yours happy at home in your SOC, keep them at the forefront of emerging trends and methodologies and make sure their contributions to the business are acknowledged.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

About the Author

Edy Almer

VP Product, Cyberbit

Edy Almer leads Cyberbit's product strategy. Prior to joining Cyberbit, Almer served as vice president of product for Algosec. During this period the company's sales grew by over four times in five years. Before Algosec, Almer served as vice president of marketing and business development at Wave Systems, an enterprise security software provider, following its acquisition of Safend where he led business development, marketing and product management. Prior to Safend, he managed encryption and endpoint DLP products within the endpoint security group at Symantec. He also was CTO for Partner Future Comm, Orange's Corporate VC arm, and served in the IDF intelligence corps.  Almer holds a B. Sc. in electrical engineering from the Technion and an MBA from Tel Aviv University.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights