Building a Strong SOC Starts With People

A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention.

Neil Weitzel, SOC Manager, ThreatX

August 30, 2022

4 Min Read
Woman in an operations center with headset
Source: Aleksei Gorodenkov via Alamy Stock Photo

I manage a security operations center (SOC) in the midst of the Great Resignation and a massive cybersecurity skills gap. During this time, I've learned a few surprising things about how to recruit and maintain a cohesive SOC team.

A 2021 Devo study of more than 1,000 cybersecurity professionals found that working in a SOC has some unique pain points, including the amount of information that needs to be processed and the on-call nature of the job. Alert fatigue also contributes to this pain.

I've found that keeping the SOC staffed and engaged starts with a SOC's most important asset: its people. A people-first approach not only helps with reducing fatigue and burnout, but it also empowers employees to seek out opportunities for their own development, greatly aiding in retention. Here are three ways that I rely on to support my SOC colleagues.

Give and Receive Regular Feedback

Actionable feedback, both given and received, is something that people naturally desire. When done proactively, the team gains a clear understanding of their performance while building trust with their leaders. Even if everything is going well, letting your colleagues know what they are excelling at is imperative. This positive reinforcement often has more impact than letting them know when something needs to be improved.

I have an open-door policy with my team, which allows for a consistent feedback loop. If I need to be doing more for my team, I expect them to tell me where I can improve; on the flip side, hearing if something is going well helps me better calibrate my leadership style to my team.

I also encourage others to find departments within your company that will provide 180-degree feedback. This is vital for me as both a leader and an employee as it empowers me to check my own blind spots. As a leader, you should want to discover the areas where you can grow and better support your team.

Rotate Tasks and Responsibilities

Within my team, I have everyone rotate between managing alerts, self-paced training, and project work. This not only gives each team member a window into different aspects of the SOC, and work to develop themselves, it also removes some of the monotony and stress of the job.

For instance, if you have to come to work every day and consistently worry about urgent tickets and client requests, you will feel anxious and as though you constantly have to fix other people's problems. These feelings contribute mightily to burnout. Additionally, finding ways to automate regular tasks will reduce the stress and burden placed on the team so they can focus on more strategic work.

Promote Interactions Throughout the Company

It can be easy to get lost looking at each tree in the SOC, when you should instead be focusing on the forest of the company. That is why I encourage my team to take a step back and realize how their work is helping the company and community.

I do this by coordinating opportunities for my team to work with individuals outside their realm, for instance in sales or marketing, so everyone understands the product and overall goals. Also, assisting others outside of your team and even your company helps you to fully understand the value you provide and where others can benefit from your team's support and expertise.

I encourage my team to complete a quarterly "Do Good" project, which focuses on the needs of the company and the larger security community. For instance, how can we work together to educate others about bad actors and mitigate the threats they pose? In April, the SOC team identified and validated IP addresses that were being used for attacks across several of our clients. After they were identified, we ensured they were available to the public so others could leverage our knowledge to block attackers.

Doing projects like these reminds the team how critical their work is and unites us around a common goal.

The Key Differentiator: How People Are Treated

How the leaders treat their people is a key differentiator in today's job market, especially as many organizations look to creative ways to solve cybersecurity's ongoing talent shortage. It goes without saying that employers should also look to train employees rather than expect them to come to an entry-level job with 30 years of experience and a CISSP cert.

When I am hiring, I look for strong base foundations and proven self-starters, along with potential — and desire — to grow, rather than previous experience. It is always rewarding to give deserving people an opportunity and watch them flourish.

Additionally, having your team complete self-paced training and educational opportunities enables each person to work on skills and techniques that will only aid the company down the line. Fostering that growth is just good business.

While there certainly isn't a one-size-fits-all approach to managing people, as each person, SOC, and company are different, keeping your people at the heart of all things will never go out of style. The stronger your employees, the better off your SOC, and your organization as a whole, will be.

About the Author(s)

Neil Weitzel

SOC Manager, ThreatX

Neil is the Manager of the ThreatX security operations center and is located in Detroit. He has 15 years of experience working in various roles from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an application security architect, Cigital (now Synopsys) as their practice director of vulnerability assessments, and EIQ Networks (now Cygilant) as their director of security research. Neil also served as a cybersecurity instructor and delivered numerous security and defensive programming courses to various clients such as NASA and PayPal. He is an active member of the security community and delivered lectures at DEF CON, OWASP, and local security meetups. Neil also acts as an adjunct lecturer on software engineering at his alma mater, Indiana University.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights