The chicken or the egg? Setting up a successful SOC happens before hiring

May 5, 2022

With an immediate need to address the cybersecurity workforce shortage, and one that can only be exacerbated by looming threats, it can be daunting for security teams to know where to start. Not to mention that scarcity only perpetuates the problems plaguing the industry; with fewer people comes a higher volume of alerts per person, which leads to alert fatigue, then burnout, and finally turnover. However, staffing a security operations center (SOC) is only half the battle.

Unfortunately, not all of our problems will go away simply by staffing teams to meet the quota. First, we need to focus on developing our corporate culture to better retain talent after onboarding. There’s no doubt that security roles need to be filled quickly, but having the right tools and a full team isn’t enough to retain new talent.

Get your story straight

Before hiring can begin, it is crucial to have a consistent and solid onboarding process. This means implementing the right tools and techniques that cultivate engagement. Engaged employees are highly motivated to stay because they believe in working towards a common goal.

To define that end goal, establishing a 30/60/90 system that sets benchmarks directly tied to a company’s vision gives new talent a sense of direction when onboarding. With this tool, employees know where the organization needs to be at the end of each quarter and each year, and how to get there with daily tasks. Not only is it a clear way to set expectations, but it contributes to a positive outcome and reduces stress.

Creating a clear path is beneficial, but guiding employees on that path starts with knowing your people. Using a predictive index helps to understand what fundamentally motivates individuals. Not only is this information valuable, but it also helps set realistic expectations internally based on how that person works best. Plus, it makes those working in a team more aware of how to communicate and how to help new hires learn.

Upon stepping into a new role, many new employees feel they must immediately contribute to tasks and projects. It’s important to communicate clearly that they don’t have to investigate, detect and resolve anything upfront – there’s no shame in learning to walk before you can run.

From the SOC’s perspective, it’s beneficial to give new team members time to familiarize themselves with the platform and culture. This way, once training and courses are completed, they perform better when fully integrated into the team and can take on their duties with a thorough understanding of how to handle each situation.

The big resignation or the big retention, the choice is yours

What good is a prepared and motivated employee without the tools to do their job effectively and efficiently? Sure, it’s good to have the number of employees, but the next goal beyond hiring must be retention, and to do that, the barriers that cause friction for security teams must be removed.

Security teams are going around in circles. Nearly 27% of alerts received by security teams are either ignored or not investigated. On average, for alerts that are investigated, it takes almost as long to assess real threats as false positives. It’s nearly impossible to mature a security team without providing the resources to handle basic threat detection and response.

To add insult to injury, the board is more concerned with the loss of productivity resulting from these incidents, and not with the training and internal staffing of its teams, which shows how the employees themselves are clearly undervalued. The two can co-exist as long as the approach to productivity focuses on the why and how of accomplishing it – determining what tools to use to maximize knowledge and capability with the end result of productivity.

This mindset needs to change. We need to know what is required and quantify it into a healthy and acceptable workload for the team tasked with executing it. Additionally, we also need to be aware of the resources we ask teams to use to fulfill their role. On the one hand, providing the SOC with vital tools is necessary, but providing too much causes unnecessary stress – there has to be a balance.

Success beyond the SOC

Ultimately, it’s the people who run a business and that’s where the resources should be placed. After a smooth hire and onboarding, it’s time to start developing and adding value for those employees. Organizations must recognize that it is not enough to provide the means to succeed in their current roles, but even more so in their careers.

While some prospects will only see dollar signs, those worth investing in will also see the benefits of a company that supports their professional development through training, certifications, and ultimately, employers who value not only company goals, but individual goals as well.


Of course, you never want to see an employee leave, but it is better that they leave to reach new heights through the experience they have gained than because they have not had the opportunity to grow and develop. That’s not to say there won’t be turnover, but you’ll have a much higher-performing security team, with higher retention, by setting them up for success from the start.