Money may talk for employees considering an exit from most professions, but according to new research, that doesn’t apply to security operations professionals.
Instead, according to a new Siemplify-sponsored survey report titled “Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs),” the SANS Institute says it has found that the best way for organizations to resist frequent SecOps team attrition and turnover is not through raising salaries but by developing skills, investing in training, and giving employees the chance to tinker with new security tools and technologies.
This combination of employee skills building and engagement activities leads to staff longevity, which SANS has found to be the most accurate predictor of a “strong cybersecurity program” and a team’s ability to efficiently and effectively address emerging threats and choreograph new techniques and processes for handling these risks.
Of course, amid a pandemic-induced recession, only one-third of respondents to the SANS survey expect to be hiring in 2020, but the institute’s findings seem to indicate that regardless of the economic climate, SOC teams who collaborate well together, stay together.
This includes, according to SANS, providing staff with:
- A well-defined career path to avoid “alert burnout” and demonstrate advancement.
- Sufficient funding for training and skills enhancement.
- Opportunities to play with and develop new security tools and techniques.
Said SANS: “One common pushback against security training is a belief that employees will get trained and then leave the company for a higher paying job. However, the below-average attrition rates disprove this, and SANS’ qualitative interviews with SOC managers tend to show that the highest skilled teams stay at their companies the longest.”
An enabling technology – security orchestration, automation and response (SOAR) – actually answers all of the factors typically representative of stable and long-standing SOC teams.
For one, SOAR empowers SOC teams to to automate level-one tasks and accelerate level-two and three tasks, allowing you to eliminate manual, repetitive work (often best personified by seemingly non-stop alerts) and focus your talent on higher-value, strategic initiatives requiring greater proficiency.
In addition, SOAR acts as a “force multiplier” SOC technology for which there is eager interest among security operations teams to learn the inner workings of. The optimal SOAR solution is a workbench that fulfills end-to-end security operations appetites, from providing a simple and intuitive analyst experience to delivering powerful capabilities for engineers and advanced users.
To download the full SANS report, containing timely insights and trends, click here.
Dan Kaplan is director of content at Siemplify.