Finding and hiring talented cybersecurity analysts is difficult enough. Keeping them on board after they're trained and acclimated to your organization's IT infrastructure and operations is an even bigger challenge. If high-performing security operations center (SOC) staff are unhappy or unfulfilled, they'll move on, and they have plenty of options.
According to ESG and ISSA's "The Life and Times of Cybersecurity Professionals 2018" (registration required), 44% of survey respondents were solicited by recruiters at least once a week and 76% were solicited at least once a month. My job keeps me in front of SOC staff, their managers, and (usually) up the org chart to the CISO. So, when someone leaves, I hear multiple perspectives on why so many analysts job-hop. Here's what drives them out the door:
1. No Room for Growth
The problem with managing smart, ambitious people is that they are smart and ambitious. The best cybersecurity analysts are highly intelligent and fast learners, and they love a good challenge. Unfortunately, the day-to-day operations of your SOC can get monotonous. Over time, this can leave your best people unsatisfied. Managers who balance the mundane aspects of the job with more strategic projects are much more likely to keep SOC staff engaged. You should also look for ways to reward and advance your highest-performing team members.
2. Burnout and Alert Fatigue
Your best analysts can fly through a mile-high stack of alerts at breakneck speed and never miss a thing. And how do you reward them? With more work. On the one hand, it's perfectly fair. You hired them for their expertise, efficiency, and ability to perform under pressure. But you also need to be aware of burnout and alert fatigue. Too many alerts create a particularly pernicious type of stress that occurs when a person has no control over the pace of incoming work — work that literally never ends. If an analyst feels she or he is stuck on a hamster wheel, they are unlikely to stay.
3. Lack of Executive Support and Engagement
It is difficult for analysts to remain motivated when they feel like the powers that be don't have their back. That support can take many forms, but one very clear indicator that security isn't a business imperative is if the organization fails to provide critical tools analysts need to do their daily work. Modern networks are way too complex for analysts to do their jobs without sophisticated tools. Don't set them up for failure. Make sure cybersecurity is a valued and part of your corporate culture — a culture that will motivate your best team members to stick around.
Yes, money matters. Financial compensation plays a big role when analysts look for new opportunities. With zero percent unemployment and a growing skills shortage, upward pressure on salaries will continue for the foreseeable future; there's no way around this one. Keep up to date on salary and compensation trends and make sure you are competitive.
5. Not Enough Professional Development/Skills Training
Roughly 96% of the 267 cybersecurity professionals responding to the survey believe that organizations face a significant disadvantage against cyber adversaries if they don't keep up with their skills, and 66% say that keeping up with their skills is difficult to do because of the demands of a cybersecurity career. This conundrum is pervasive, but don't let training get pushed aside due to the grueling pressure and demands of a SOC. Budget and schedule training sessions as "non-negotiable" and get creative and fun about new ways to challenge team members and develop their skills. Ask any analyst. They will tell you that training keeps them engaged, challenged, and happy.
Next time the industry is aflutter about the latest attack strategy, give your team members a chance to jump in and learn to defend against it. Put their response skills to the test in as realistic a setting as possible. It will get their blood pumping and give them the pride and confidence of knowing that they are ready to face dangerous and capable attackers. Capture the Flag is a Black Hat tradition for a reason — competitions are essentially team trainings that bring people together and provide participants with a forum to practice and show off their skills.
Analysts know they are a hot commodity, in the enviable position of writing their own ticket. If you want yours happy at home in your SOC, keep them at the forefront of emerging trends and methodologies and make sure their contributions to the business are acknowledged.