Early bird gets the worm: SOC success starts prior to staffing it

Image from Unsplash

The cybersecurity staffing shortage has long been a topic of conversation, but it’s reaching a boiling point in 2022. The risks associated with this talent gap have been obvious to those within the industry for many years, but concerns have now gone mainstream, with looming threats spurring the White House to hold a July summit addressing the hundreds of thousands of unfilled cybersecurity positions in the United States.

However, as many seasoned security folks know, filling empty seats won’t solve all of the industry’s problems. Before all else, folks involved in the hiring process need to focus on constantly cultivating workplace culture to improve employee retention rates. Security roles certainly need to be filled as soon as possible, but having all the right tools and solutions is not enough to retain the best talent — staffing security operations centers (SOCs) is only half the battle.

Don’t be afraid to get personal

Before even posting a job listing, organizations need to make sure the onboarding process is as streamlined and comprehensive as possible. Employees need to feel confident and supported from the start, but they also need to feel engaged and immersed in the company culture. Retention comes from a shared sense of purpose, and this must be a critical part of any training and orientation.

A shared goal can establish this sense of purpose. To help define this, implement a 30/60/90 system, outlining metrics which directly relate to the company’s mission and vision within a new hire’s first 30, 60 and 90 days. Doing so will give new employees a more solidified sense of the role they play in moving the organization forward right from the start. With this 30/60/90 strategy, employees are in tune to what needs to be done quarterly and annually to stack up against each collective and individual goal. By laying this groundwork during the onboarding process, employees immediately receive clear expectations and inevitably experience less stress.

Many SOC employees in particular feel an instant pressure to prove themselves upon starting a new position, so it’s important for team leads to effectively communicate expectations and give them a grace period to walk before they run. In most cases, it’s beneficial to give new hires time to get to know the platform and the company culture. When they are able to stand on their own two feet, they can hit the ground running with a holistic understanding of how to navigate threat investigation, detection and response as it pertains to the company’s specific environment.

Cut down on wheel-spinning

In today’s hiring landscape, having a fully staffed SOC is certainly something to write home about, but it’s not enough.

If employees can’t be retained, organizations are back at square one. A major driver of security employee dissatisfaction at work is constant wheel-spinning. Almost 27% of alerts received by security teams end up going ignored or not investigated. Among those that are pursued, on average, it takes about as much time to assess actual threats versus false positives. As a result, it’s pretty impossible to grow a security team without providing the right resources to handle basic threat detection and response.

To add insult to injury, security teams feel undervalued. It’s no secret that the board is typically most concerned with productivity loss from security incidents, rather than training and internal staffing of its teams. In actuality, both can be of high priority. A more effective approach to productivity leans into the “how and why” things get done and determining which tools to deploy to get there, and also takes into consideration what a healthy and reasonable workload looks like for security teams.

On the other hand, organizations need to be careful not to fall into the trap of acquiring too many tools for their security teams. While many are vital and necessary, having too many can be equally as stressful as not having enough.

To the SOC and beyond

Ultimately, it’s the people that keep a business going and that is where resources need to be placed. After a smooth hiring and onboarding, it then becomes time to start building on and adding value for those employees. Organizations need to recognize that it’s not enough to provide the means for success in their current roles, but more so their careers.

When all is said and done, a business is only as good as its people, and resources need to be allocated accordingly to reflect this. Setting the stage at the inception of the hiring process will ensure cybersecurity teams find the right prospects who appreciate the full range of professional development the company offers and are excited to work towards the common and individual goals. In turn, retention rates will spike. Turnover in some capacity is unavoidable, but in the end, it’s more productive to spend the time and energy ahead making sure that the right people for the job are given what they’ll need to succeed.

Bill Thrash is Senior Vice President of Customer Operations at Critical Start.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Within the healthcare security sector, as well as countless other sectors where security reflects a broad patient, customer, and employee pool, building a diverse and inclusive security team starts with focusing on diversity, equity, and inclusion (DEI) as any other business strategy.