Managing security operations centre teams in a time of change
Published By
Noemi Simaki
October 20, 2022
5 min read.

How do we keep our security analysts engaged, avoiding burnout, and making the best decisions they can when while working under constant daily pressure?

These are difficult answers to find because even at the best of times, there is significant inherent stress associated with a Security Operations Centre Analyst’s role and responsibilities. Adding external factors to the equation, like the pandemic or unsolicited recruitment opportunities, only adds fuel to the smouldering fire of stress and anxiety. As managers we must consider how these factors affect our teams and what we can do to mitigate their effects.

While every organisation, team, and individual, is different, I have found consistent themes that are relevant now more than ever. A combination of all these initiatives will ensure we look after our teams, who will in turn look after our staff and customers.

Remunerate at market rates

There have been several surveys published citing the reasons why staff choose to leave their current employer in this era of the ‘great resignation.’ The number one reason is remuneration.

In the last few months and years, cyber security salaries have gone through the roof. Lobbying for additional budget or cutting costs elsewhere and redirecting funds for an out of cycle pay review can help bring your team in line with market rates. This will reduce the likelihood that unsolicited employment opportunities are seriously entertained, retaining your highly skilled analysts in your team for longer.

This, of course, does not mean analysts will not leave.

Build depth in the team

The average tenure in a role continues to decrease as younger generations move between organisations to broaden their horizons, experience new cultures, new organisations, new roles, and new ways of working.

To limit the impact of the inevitability that analysts will seek other roles within the cyber security industry and beyond, we must build resilience and depth in our teams. This means the loss of one or two analysts will not put additional strain on existing members of the team. We already expect a lot from our analysts, so asking them to take on the role of another analyst, even for a short time, can have a significant impact.

Nurture flexibility beyond the pandemic

The pandemic taught everyone that flexible working arrangements could be the new norm. We saw people gain two or three hours of quality time back into their day and continue to be as productive, if not more so. Extending this policy beyond the pandemic can provide analysts with the freedom to seek extracurricular activities outside the confines of cyber security, offering a change of pace away from a computer screen. It can also allow analysts to relocate to less centralised, more affordable locations, further improving their quality of life.

Flexibility extends beyond working arrangements. It involves understanding and empathising with changing circumstances; fostering an environment where analysts are encouraged to request taking off a few hours early to attend a school play, deal with the plumber or take the dog to the groomers. It includes providing mental health days or birthday days off. If there is sufficient depth in the team, these few hours here and there do not put strain on the team but can make a big difference to someone’s day.

Connect with your team and engage in meaningful ways

Flexibility comes at a price – the relationships we naturally build face to face in the office now require conscious effort to achieve. The added challenge in our industry is that our teams are not necessarily delighted when work puts on “zoom drinks” or “online trivia” type activities so judging the audience and conducting activities best suited to the individuals in the team is key.

One on one catchups with ever member helps provide a safe space to voice concerns that might usually be picked up through body language or visual queues in an office environment. Ensuring an open channel of communication to both management and the rest of the members in the team also plays a significant role in helping the team feel connected. Encouraging banter, sharing of common interests, and inviting humour into the daily online workspace helps bridge some of the watercooler interactions left behind in an office environment.

Remember we are all people.

None of the suggestions above are revolutionary, and they are not exhaustive. They really all boil down to one thing – treat each other with the respect and appreciation you would like to be treated with yourself.

Behind every analyst, every investigation, and every incident there is a person who wants to enjoy coming to work, team up with likeminded people with shared interests, do a good job and be appreciated for their efforts.

Sharing the day to day with a manager and a team that understands and cares about you as a person can go a long way to making the daily stress we see in our industry bearable. It will provide better outcomes for the people, the team, and the organisation. Look out for each other and the rest will happen!

You Should also read

Are we jumping at zero-day shadows?

Uncovering a watering hole attack

How to achieve complete cyber security

The latest on ransomware: same old gang, new bag of tricks