Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

8/1/2019
10:00 AM
John Moran
John Moran
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

SecOps Success Through Employee Retention

To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.

People, processes, and technology: the three most important components of security operations. Processes can be designed and documented, technology can be purchased and implemented, but people are most often the X factor in the equation. If you've worked in security operations, you know that people can make or break a team. An experienced analyst with a continuous drive to learn and an analytical mind capable of investigating complex threats can be worth his or her weight in gold. Compound that with the institutional knowledge gained over years of working within an organization’s infrastructure, and employee retention becomes one of the most critical components of any successful security operations team.

When we talk about the shortage of skilled analysts, the problem isn't a lack of bodies to fill empty chairs; it's the shortage of highly sought-after employees that is most crucial to address. Let’s look at some of the most important aspects of employee retention in a security operations environment and the most effective ways to address them.

Compensation
While compensation may not be the only factor employees consider in their career satisfaction, don't take it for granted. Retaining the best employees requires competitive compensation across the board. Let's start with monetary compensation. Salary is the most obvious form of monetary compensation and should be on par with comparable positions in the industry. However, employees are increasingly focused on other areas of monetary compensation when evaluating their satisfaction. Bonuses, retirement, paid time off, employee perks, and other benefits are highly effective ways to boost satisfaction when a salary increase may not be an option. These methods of compensation can be doubly effective when used as part of a well-planned incentive or reward program.

Advancement
Employees who are driven to succeed and advance are a tremendous asset to an organization, and this attitude should be rewarded with opportunities. Traditionally, advancement was seen as the opportunity to move to a management position. Not everyone aspires to be a manager or should be a manager, but this shouldn't inhibit an employee’s opportunity for advancement. This is especially true in highly technical fields such as security operations, where some employees may wish to simply advance their technical skills, and skill in managing technical problems doesn't always translate to skill in managing people.

Career paths should be defined for those who aspire to advance to management, as well as those who aspire to advance along a purely technical path. These paths should be clearly defined with unambiguous expectations, giving employees a visible route from where they are now to where they want to be.

Training
Training is undoubtedly critical for the organization itself. Technology and the threats we face are constantly evolving, and continuous training is key to remaining ahead of the curve. Aside from the obvious benefits to the organization itself, training can play a critical role in employee retention. Analysts who possess a continuous drive to learn are exactly the kind of employees an organization should strive to retain, and it's critical to feed that drive to learn as often as possible.

Conferences, classes, and events are great ways to continuously educate your security staff. However, these options often come with a high cost and may be an extravagance that an organization can't afford at scale. In these cases, it can be highly effective to use such events as a method of compensation or reward for senior or high-performing employees.

Whether conferences, classes, and events are annual occurrences or out of reach for your organization, providing other methods of education throughout the year is imperative. Chances are, most employees have a unique set of skills and knowledge that other employees can benefit from. Internal training conducted by the organization’s own employees can be a productive way to fill the training gaps and transfer knowledge between team members.

Internal training between groups within the organization is also a proactive way to provide employees with an understanding and appreciation for the roles of other teams and build relationships. Technical exercises and scenarios are a cost-effective way to reinforce technical skills and encourage healthy competition. Subscriptions for online training or education platforms that can be used on-demand are also a good way to feed the minds of analysts.

Environment
We can't all be Google, but there are many environmental factors that can positively affect employee retention short of juice bars and pool tables. Circling back to the beginning of this post for a moment, proper processes and technology can have a tremendously positive impact on the environment. Clear, well-documented processes provide employees with straightforward expectations and stability. Technology, when implemented properly, can significantly reduce the workload and stress level on employees who often work in high-pressure, overloaded environments.

Fostering a collaborative, respectful team environment between all staff members, including management, can have an enormous impact on the efficiency of daily operations, as well as employee retention. This is especially true in security operations, where employees must often work closely with those inside and outside of their respective teams and trust that all team members are performing their tasks effectively.

The physical environment should also be optimized wherever possible; including adequate space, good lighting, collaborative spaces, and proper work areas. In an office environment, this can be easier to achieve. With the increasingly remote workforce in many security operations teams, controlling the physical environment can be much more challenging. Although the physical space may be outside the direct control of management for remote employees, organizations can still ensure that remote employees are properly educated on optimizing their home office and provided with access to the best technology and accessories to make them successful remote employees.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

John Moran is a product management, security operations, and incident response expert and currently holds the position of Senior Product Manager at DFLabs, where he is responsible for shaping the product road map, strategic planning, technology partnerships, and customer ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.