
8/1/2019
10:00 AM
John Moran
Commentary

SecOps Success Through Employee Retention

To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.

People, processes, and technology: the three most important components of security operations. Processes can be designed and documented, technology can be purchased and implemented, but people are most often the X factor in the equation. If you've worked in security operations, you know that people can make or break a team. An experienced analyst with a continuous drive to learn and an analytical mind capable of investigating complex threats can be worth his or her weight in gold. Compound that with the institutional knowledge gained over years of working within an organization’s infrastructure, and employee retention becomes one of the most critical components of any successful security operations team.

When we talk about the shortage of skilled analysts, the problem isn't a lack of bodies to fill empty chairs; it's the shortage of highly sought-after employees that is most crucial to address. Let’s look at some of the most important aspects of employee retention in a security operations environment and the most effective ways to address them.

Compensation
While compensation may not be the only factor employees consider in their career satisfaction, don't take it for granted. Retaining the best employees requires competitive compensation across the board. Let's start with monetary compensation. Salary is the most obvious form of monetary compensation and should be on par with comparable positions in the industry. However, employees are increasingly focused on other areas of monetary compensation when evaluating their satisfaction. Bonuses, retirement, paid time off, employee perks, and other benefits are highly effective ways to boost satisfaction when a salary increase may not be an option. These methods of compensation can be doubly effective when used as part of a well-planned incentive or reward program.

Advancement
Employees who are driven to succeed and advance are a tremendous asset to an organization, and this attitude should be rewarded with opportunities. Traditionally, advancement was seen as the opportunity to move to a management position. Not everyone aspires to be a manager or should be a manager, but this shouldn't inhibit an employee’s opportunity for advancement. This is especially true in highly technical fields such as security operations, where some employees may wish to simply advance their technical skills, and skill in managing technical problems doesn't always translate to skill in managing people.

Career paths should be defined for those who aspire to advance to management, as well as those who aspire to advance along a purely technical path. These paths should be clearly defined with unambiguous expectations, giving employees a visible route from where they are now to where they want to be.

Training
Training is undoubtedly critical for the organization itself. Technology and the threats we face are constantly evolving, and continuous training is key to remaining ahead of the curve. Aside from the obvious benefits to the organization itself, training can play a critical role in employee retention. Analysts who possess a continuous drive to learn are exactly the kind of employees an organization should strive to retain, and it's critical to feed that drive to learn as often as possible.

Conferences, classes, and events are great ways to continuously educate your security staff. However, these options often come with a high cost and may be an extravagance that an organization can't afford at scale. In these cases, it can be highly effective to use such events as a method of compensation or reward for senior or high-performing employees.

Whether conferences, classes, and events are annual occurrences or out of reach for your organization, providing other methods of education throughout the year is imperative. Chances are, most employees have a unique set of skills and knowledge that other employees can benefit from. Internal training conducted by the organization’s own employees can be a productive way to fill the training gaps and transfer knowledge between team members.

Internal training between groups within the organization is also a proactive way to provide employees with an understanding and appreciation for the roles of other teams and build relationships. Technical exercises and scenarios are a cost-effective way to reinforce technical skills and encourage healthy competition. Subscriptions for online training or education platforms that can be used on-demand are also a good way to feed the minds of analysts.

Environment
We can't all be Google, but there are many environmental factors that can positively affect employee retention short of juice bars and pool tables. Circling back to the beginning of this post for a moment, proper processes and technology can have a tremendously positive impact on the environment. Clear, well-documented processes provide employees with straightforward expectations and stability. Technology, when implemented properly, can significantly reduce the workload and stress level on employees who often work in high-pressure, overloaded environments.

Fostering a collaborative, respectful team environment between all staff members, including management, can have an enormous impact on the efficiency of daily operations, as well as employee retention. This is especially true in security operations, where employees must often work closely with those inside and outside of their respective teams and trust that all team members are performing their tasks effectively.

The physical environment should also be optimized wherever possible, including adequate space, good lighting, collaborative spaces, and proper work areas. In an office environment, this can be easier to achieve. With the increasingly remote workforce in many security operations teams, controlling the physical environment can be much more challenging. Although the physical space may be outside the direct control of management for remote employees, organizations can still ensure that remote employees are properly educated on optimizing their home office and provided with access to the best technology and accessories to make them successful remote employees.


John Moran is a product management, security operations, and incident response expert and currently holds the position of Senior Product Manager at DFLabs, where he is responsible for shaping the product road map, strategic planning, technology partnerships, and customer ...