Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

8/1/2019
10:00 AM
John Moran
John Moran
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

SecOps Success Through Employee Retention

To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.

People, processes, and technology: the three most important components of security operations. Processes can be designed and documented, technology can be purchased and implemented, but people are most often the X factor in the equation. If you've worked in security operations, you know that people can make or break a team. An experienced analyst with a continuous drive to learn and an analytical mind capable of investigating complex threats can be worth his or her weight in gold. Compound that with the institutional knowledge gained over years of working within an organization’s infrastructure, and employee retention becomes one of the most critical components of any successful security operations team.

When we talk about the shortage of skilled analysts, the problem isn't a lack of bodies to fill empty chairs; it's the shortage of highly sought-after employees that is most crucial to address. Let’s look at some of the most important aspects of employee retention in a security operations environment and the most effective ways to address them.

Compensation
While compensation may not be the only factor employees consider in their career satisfaction, don't take it for granted. Retaining the best employees requires competitive compensation across the board. Let's start with monetary compensation. Salary is the most obvious form of monetary compensation and should be on par with comparable positions in the industry. However, employees are increasingly focused on other areas of monetary compensation when evaluating their satisfaction. Bonuses, retirement, paid time off, employee perks, and other benefits are highly effective ways to boost satisfaction when a salary increase may not be an option. These methods of compensation can be doubly effective when used as part of a well-planned incentive or reward program.

Advancement
Employees who are driven to succeed and advance are a tremendous asset to an organization, and this attitude should be rewarded with opportunities. Traditionally, advancement was seen as the opportunity to move to a management position. Not everyone aspires to be a manager or should be a manager, but this shouldn't inhibit an employee’s opportunity for advancement. This is especially true in highly technical fields such as security operations, where some employees may wish to simply advance their technical skills, and skill in managing technical problems doesn't always translate to skill in managing people.

Career paths should be defined for those who aspire to advance to management, as well as those who aspire to advance along a purely technical path. These paths should be clearly defined with unambiguous expectations, giving employees a visible route from where they are now to where they want to be.

Training
Training is undoubtedly critical for the organization itself. Technology and the threats we face are constantly evolving, and continuous training is key to remaining ahead of the curve. Aside from the obvious benefits to the organization itself, training can play a critical role in employee retention. Analysts who possess a continuous drive to learn are exactly the kind of employees an organization should strive to retain, and it's critical to feed that drive to learn as often as possible.

Conferences, classes, and events are great ways to continuously educate your security staff. However, these options often come with a high cost and may be an extravagance that an organization can't afford at scale. In these cases, it can be highly effective to use such events as a method of compensation or reward for senior or high-performing employees.

Whether conferences, classes, and events are annual occurrences or out of reach for your organization, providing other methods of education throughout the year is imperative. Chances are, most employees have a unique set of skills and knowledge that other employees can benefit from. Internal training conducted by the organization’s own employees can be a productive way to fill the training gaps and transfer knowledge between team members.

Internal training between groups within the organization is also a proactive way to provide employees with an understanding and appreciation for the roles of other teams and build relationships. Technical exercises and scenarios are a cost-effective way to reinforce technical skills and encourage healthy competition. Subscriptions for online training or education platforms that can be used on-demand are also a good way to feed the minds of analysts.

Environment
We can't all be Google, but there are many environmental factors that can positively affect employee retention short of juice bars and pool tables. Circling back to the beginning of this post for a moment, proper processes and technology can have a tremendously positive impact on the environment. Clear, well-documented processes provide employees with straightforward expectations and stability. Technology, when implemented properly, can significantly reduce the workload and stress level on employees who often work in high-pressure, overloaded environments.

Fostering a collaborative, respectful team environment between all staff members, including management, can have an enormous impact on the efficiency of daily operations, as well as employee retention. This is especially true in security operations, where employees must often work closely with those inside and outside of their respective teams and trust that all team members are performing their tasks effectively.

The physical environment should also be optimized wherever possible; including adequate space, good lighting, collaborative spaces, and proper work areas. In an office environment, this can be easier to achieve. With the increasingly remote workforce in many security operations teams, controlling the physical environment can be much more challenging. Although the physical space may be outside the direct control of management for remote employees, organizations can still ensure that remote employees are properly educated on optimizing their home office and provided with access to the best technology and accessories to make them successful remote employees.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

John Moran is a product management, security operations, and incident response expert and currently holds the position of Senior Product Manager at DFLabs, where he is responsible for shaping the product road map, strategic planning, technology partnerships, and customer ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19698
PUBLISHED: 2019-12-10
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
CVE-2019-4428
PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621
PUBLISHED: 2019-12-09
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.