Chicken or the Egg? Setting up a Successful SOC Happens Before Hiring

With an immediate need to remedy the headcount shortage in cybersecurity, and that need only exacerbated by looming threats, it can be daunting for security teams to know where to begin. The shortage also perpetuates the issues plaguing the industry: fewer people means a higher volume of alerts per person, which leads to alert fatigue, then burnout, and finally turnover. Staffing a security operations center (SOC) is only half the battle, though.

Unfortunately, all our problems won’t go away just by staffing teams to meet the quota. First, we need to focus on cultivating our workplace culture to better retain talent after onboarding. There’s no question that security roles need to be filled fast, but having the right tools and a full team is not enough to retain new talent.

Get your story straight

Before hiring can start, it’s crucial to have a cohesive and strong onboarding process. That means implementing the proper tools and techniques that cultivate engagement. Engaged employees are highly motivated to stay because they believe in working towards a shared goal.

To define that end goal, establish a 30/60/90 system whose benchmarks tie directly back to the company’s vision; this gives new talent a sense of direction when onboarding. With this tool, employees know where the organization needs to be at the end of each quarter and each year, and how to get there with day-to-day tasks. Not only is it a clear way to define expectations, it also contributes to a successful outcome and reduces stress.

Creating a clear path is beneficial, but guiding employees down that path starts with knowing your people. Using a predictive index helps to understand what fundamentally drives individuals. Not only is this valuable information, but it also helps to set realistic expectations internally based on how that person works best. Additionally, it gives those who work within a team greater awareness of how to communicate with new hires and help them learn.

Coming into a new role, many new employees feel as if they need to immediately contribute to tasks and projects. It’s important to clearly communicate that they aren’t required to investigate, detect, and resolve anything right off the bat – there is no shame in learning to walk before they can run.

From a SOC perspective, it pays to allow time for new team members to familiarize themselves with the platform and the culture. That way, once trainings and classes are completed, they can be more successful when fully integrated into the team and can embrace their tasks with a thorough understanding of how to tackle each situation.

The great resignation or the great retention, you choose

What good is a prepared and motivated employee without the tools to do their job effectively and efficiently? Sure, it’s great to have the headcount, but the next focus beyond hiring should be retaining, and to do that, the roadblocks causing friction for security teams need to be removed.

Security teams are spinning their wheels. Nearly 27% of alerts received by security teams are either ignored or not investigated. On average, for the alerts that do get investigated, it takes almost as much time to assess actual threats as it does false positives. It’s nearly impossible to mature a security team without providing the resources to handle basic threat detection and response.

To add insult to injury, the board is most concerned with the productivity loss from these incidents, not the training and internal staffing of its teams, which clearly shows how undervalued the employees themselves are. Both can coexist so long as the approach to productivity focuses on the why and how to accomplish it – determining what tools to use to maximize knowledge and capability with the end result of productivity.

This mindset needs to change. We must know what’s being asked and quantify that as a healthy, acceptable workload for the team that’s responsible for delivering it. We also need to be aware of the resources we are requiring teams to use to fulfill their role. On one end, providing the SOC with vital tools is necessary, but providing too many causes unnecessary stress – there needs to be a balance.

Success beyond the SOC

Ultimately, it’s the people that keep a business going, and that is where resources need to be placed. After a smooth hiring and onboarding, it becomes time to start building on and adding value for those employees. Organizations need to recognize that it’s not enough to provide the means for success in employees’ current roles; they need to provide it for their careers as well.

While some prospects will only see dollar signs, the ones worth investing in will also see the benefits of a company that furthers their professional development through trainings and certifications and, ultimately, of an employer that values not only the company’s goals but the goals of the individual as well.

Of course, you never want to see an employee go, but it’s better they leave to reach new heights with the experience they received than because they weren’t given the opportunity to grow and develop. It’s not to say turnover won’t happen, but you’ll have a much more successful security team – with higher retention – by setting them up for success from the start.