Reducing Burnout and Increasing SOC Retention: How Leaders Can Improve Their Employees’ Lives and Improve Security

By Kayla Williams, CISO, Devo

The significant skills gap and burnout of current personnel are two of the most frequent challenges cybersecurity leaders must solve. ISC(2) estimates there’s still a 3.4 million-person deficit in cybersecurity worldwide. And this problem might soon grow worse. A new Wakefield Research study found that 85% of participating IT security professionals think they’ll need to leave at least their job, if not their organization, because of the severity of their burnout issues. It’s gotten so bad that 24% of the survey respondents saidthey may switch to a different career altogether.

We can’t afford to widen the security skills gap by letting burnout run rampant. Overcoming these two issues is crucial for security leaders, but doing so will require a grasp of how serious a threat burnout is and the technologies/procedures needed to address it.

What’s happening in the SOC 

Burnout and the cyber skills shortage affect virtually every function in cybersecurity, but they’re particularly severe in the SOC. The Wakefield Research survey also found that 76% of respondents believe their IT leaders couldn’t make it through one day of trying to manage the massive alert workload.

SOC roles aren’t for the faint of heart. At every level of the SOC, employees are under almost continual pressure because failure might have catastrophic consequences for the business. SOC work is challenging and demanding. A staggering 71% of security leaders and non-management personnel rate the pain of SOC staffers at 6 through 9 on a scale of 10.

The good news is that we are seeing more organizations turn to automation to augment the work of their SOC analysts by shifting some of the more monotonous tasks and enabling analysts to focus more on the threats most important to their organization. However, this shift takes time, and threats continuously evolve, which means SOC roles also continue to change. To be effective today, Tier 3 analysts must be more skilled and aligned to business objectives.

Deep disconnects remain between SOC leaders and staff, and teams don’t feel heard or taken seriously about burnout-related issues. 45% of SOC analysts surveyed said their leadership hadn’t responded proactively to burnout.

Time to assess your technology stack.

The issues of SOC hiring and retention must be addressed in part by assessing an organization’s technology stack. Having comprehensive visibility is the foundation of this. Fortunately, there are security solutions today that are easily implemented and can provide visibility into all parts of an organization’s operations, gathering logs and insights in one place.

It’s not just visibility that matters; it’s also about what’s done with the data, which means it must be usable. The dynamic scalability of cloud-based security analytics tools allows them to take in all of the data and then process it in real time. Organizations are investing appropriately to ensure they can switch to a real-time alert detection, investigation and response framework now that the capability exists.

Adopting a wider application of artificial intelligence and machine learning is the third move toward upending outdated methods. The AI/ML tools available now are excellent, and they’ll only get better. Specifically, new capabilities include autonomous alert triage, where AI-driven systems rapidly assess and prioritize alerts, and proactive threat hunting, where machine learning algorithms uncover hidden threats. This is advantageous for SOC teams and CISOs who are able and willing to adopt these technologies, transforming their SOC teams from front-line gatekeepers into guardians and instructors of rapid automated response systems.

Implementing more automation will be key. According to the survey, 55% of SOC practitioners want their leaders to invest in automation, among other solutions/resources they said they desired.

Attending to the SOC team

Burnout is impacting organizations’ security posture in a real way. 83% of IT security professionals in the Wakefield Research study reported that they or a member of their department have made mistakes due to burnout that led to a network breach; 39% have experienced this more than once. Ensuring that SOC analysts find meaning in their work is another key component to addressing the burnout challenge. By having the right tools, for example, SOC teams can lower the number of false alarms and reduce alert fatigue, enabling analysts to concentrate more on delivering business value and reducing risk.

SOC staff also want their leaders to offer additional training, mentorship and development (59%) to help with burnout. If managers allocate time each week for staff training for both personal and professional development, this promotes a culture of company commitment to work-life balance and mental well-being. All these factors increase retention and job satisfaction

Act now for future success

The shortage of cybersecurity professionals and SOC analyst burnout require immediate action. It’s crucial to strengthen your technology stack for real-time response. Additionally, boosting job happiness through meaningful work, reducing false alarms, and promoting personal development are necessary to address today’s challenges in the long term. To retain qualified employees and successfully manage industry challenges, IT leaders must adopt cutting-edge tools and foster a SOC culture that prioritizes well-being.

About the Author

Kayla Williams is the CISO and VP, governance, risk, and compliance (GRC) at Devo, a cloud-native logging and security analytics platform with a $2B valuation.

She is an analytical and results-driven professional with experience in management of cybersecurity incidents, compliance management, corporate risks, information security, project and program management, and organizational controls surrounding many different aspects of business. Kayla also is accomplished in the development of key methods for organizations to strengthen productivity, enhance operational performance, and improve financial and operational controls. Prior to this role, Kayla was the director of GRC at LogMeIn, a $1b global SaaS company, and the senior risk manager for Computershare US, a global financial services company, where she was responsible for supporting the development, implementation, and monitoring of operational, financial, compliance, and IT risk. Additionally, she worked directly with executive management to identify, assess, and establish mitigation strategies for any risk that arose from inadequate or failed processes, people, systems, or external events, while maintaining a balance between risk mitigation and operational efficiency. This enabled executive management to make informed decisions about the risk posture of the organization and dedicate resources to key areas to minimize critical and high risk to business operations.

Kayla currently resides in Boston, Massachusetts and Alfreton, Derbyshire, UK.

Kayla can be reached at our company website https://www.devo.com/.