Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
October 15, 2021
4 Min Read
Source: Aleksei Gorodenkov via Alamy Stock Photo
With a career in cybersecurity that started over 15 years ago, my work has traversed the security landscape: managing incident responses, designing endpoint detection and investigative methodologies, and leading compromise assessments to identify targeted threats. Now, as the director of global operations for a managed detection and response provider, I oversee our clients' security needs and our organization's internal security functions, in addition to managing, mentoring, and coaching security operations center analysts and detection and response engineers.
While I originally cut my teeth working for the federal government, the foundation of my professional life was cemented by the lessons I learned working a help desk.
A Passion for Helping People
It was during my time picking up the phone and fielding customer service calls that I developed a true passion for helping people. The very nature of cybersecurity is rooted in taking care of your customers and making sure they feel protected. As someone leading a team of SOC analysts, I can think of no better pathway to helping customers than designing systems and processes that keep their businesses, and the employees that run them, safe from bad actors and security threats.
The lessons I learned as a help desk employee that I have carried throughout my career are centered on three primary themes: bringing empathy to every customer interaction, practicing radical candor, and emphasizing traits over skills when hiring.
Embracing Empathy to Build Trust
Empathy is key to any successful business relationship but is especially crucial when managing security issues. It's not enough to address a security threat from a technical standpoint — there must be a human component to every interaction.
By taking an empathetic approach and owning the customer's problem before you begin to solve it, you're better able to relate to their feelings of fear, anxiety, or whatever emotion they may be experiencing. Seeing the issue through the same lens as your customer creates an immediate connection and helps foster a trusting relationship, a necessity when managing business security systems.
In customer relationships, candor is just as important as empathy. To truly serve your customers, you must be able to have honest and transparent conversations with them about their security challenges. As security professionals, it would be foolish for us to think we have all the answers. Often, our customers can provide insights that help us address security threats and attacks. But, before we can gather those insights, we must first establish communication channels that embrace open and honest conversations with those very customers.
Not only is candor a key ingredient within customer relations; as a manager, it's the first step to building a world-class SOC team. By giving your employees the space to admit their mistakes or say "I don't know" when faced with a security threat that's beyond their skill level, you create an opportunity to scale your team's overall expertise. You also establish a work environment and culture where employees feel valued and safe, diminishing burnout and reducing employee churn rates, which is an ongoing and major problem across the industry.
Focus on Traits (Because You Can Always Teach Skills)
Another key ingredient to building a world-class SOC: Emphasizing traits over skills. Empathy is difficult to teach, and candor is nearly impossible if you're not already an honest person. You can train someone to detect and respond to a security threat, but you cannot upskill someone's capacity for knowledge and their passion for learning. If a job candidate is passionate about helping people and truly curious about the intricate systems that make up the security industry, you can teach them the skills they need to be an SOC analyst.
The security industry is growing at an astonishing rate. According to the US Bureau of Labor Statistics, security analyst employment rates are projected to grow 33% over the next decade, far above the average for most occupations. To meet the demands of such growth, security industry leaders will need to reconsider narrowly defined job qualifications. One solution is to open your teams to candidates who are passionate about customer care but may need more training.
Maintaining secure environments is inherently centered on the idea of helping people. When you build empathy and candor into your company culture, and emphasize traits over skills during the hiring process, you lay the groundwork for building an entire workforce that's fanatical about serving the customer. Employees who are passionate about the work they do, and always yearning to learn more, become security industry leaders capable of building successful teams that deliver effective security solutions.
About the Author(s)
Vice President of Security Operations, Expel
Jonathan Hencinski is the VP of Security Operations at Expel. In this role, he's responsible for the day-to-day operations of Expel's security operations center (SOC) and detection and response engineering. He oversees how Expel recruits, trains, and develops security analysts. Jon has over a decade of experience in the areas of SOC operations, threat detection, and incident response. Prior to Expel, Jon worked at Mandiant, BAE Systems, and was an adjunct professor at The George Washington University.
You May Also Like
Unbiased Testing. Unbeatable ResultsFeb 22, 2024
Unbiased Testing. Unbeatable ResultsFeb 22, 2024
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024