Closing the Talent Gap: Technological Considerations for SOC Analyst Retention

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Kayla Williams of DEVO presents three technological considerations to close the talent gap and retain SOC analysts.

Two of the most common refrains among cybersecurity leaders are that there’s a major skills gap and that existing employees are burning out. According to ISC(2), there’s a global workforce gap of 3.4 million people in cybersecurity. Not only are there not enough people, but those who are working in cybersecurity are at high risk for burnout. This challenge is particularly prevalent when it comes to working in the security operations center (SOC).

For security leaders, overcoming these twin challenges is key– but it will require an understanding of just how serious the burnout threat is and of the technology and processes required to mitigate that threat.

Closing the Talent Gap: Technological Considerations for SOC Analyst Retention

Understanding the SOC Situation

While the skills gap and burnout impact almost every single role within cybersecurity, it’s especially acute in the security operations center (SOC.) A staggering 55 percent of SOC analysts have contemplated leaving their positions due to the immense pressure they experience. Historically, this role was largely focused on a lot of triage and dealing with a multitude of alerts. However, technological advances are changing the roles significantly. Today, the Tier 1 analyst role is becoming much more automated, and Tier 2 is becoming more autonomous. This is a positive development, but it’s also taken a toll on the Tier 3 role, which now faces increased pressure. To be successful now, your Tier 3 analysts must be better and more experienced than they needed to be five years ago.

This means there are fewer inroads for newbies and a higher demand for highly skilled security professionals, creating a Catch-22 situation. SOC analysts are now harder to retain, and there are fewer people coming up through the ranks to replace them. A primary reason for the tendency to burn out and leave is that they are working on tougher problems and there is a greater volume of alerts to address. Indicators of compromise (IoC) constantly change, and more IoCs are identified every day.

At every level of the SOC, workers experience near-constant pressure; failure could have disastrous effects on the company. Even though some organizations have made progress, it’s clear that SOC work is difficult and taxing. In fact, a whopping 71 percent of decision-makers and non-management staff reported a high level of discomfort experienced by staff in their SOC.

Changing the Status Quo Starts with Your Technology Stack

Evaluating your technology stack is key to addressing the challenges of SOC retention/hiring. This starts with visibility; there’s no excuse today for not having visibility across your organization. Security technologies are easy to deploy nowadays and can provide visibility across all aspects of the organization, providing logs and insights that can be aggregated in a central location. This has historically been a challenge, but that’s changing now.

Following on from that, it’s not just the visibility of the data that matters– it’s what you do with it. The data must be usable. Cloud-based security analytics solutions have the dynamic scalability to not only handle the ingestion of all the data but also the ability to process all that data in real-time. The ability now exists, and organizations are making investments to ensure that they can shift into a real-time alert detection investigation and response approach.

A third step to changing the status quo is to adopt greater applications of artificial intelligence and machine learning. Today’s AI/ML tools are extremely good, and they’re going to continue to get better. That works to the advantage of those SOC teams and the CISOs who can and choose to embrace these technologies and are willing to transform their SOC teams to move from frontline human speed bumps into custodians and trainers of high-speed automated response systems.

SOC Job Satisfaction and Retention

Reviewing your tech stack will have ripple effects on SOC teams’ ability to perform effectively and experience fewer of the negative aspects of their job roles. For instance, having the proper tools in place reduces the number of false alerts and “alert fatigue.” It also enables teams to free up time for more high-value and meaningful work, like focusing more on business value/risk because repetitive tasks have been automated.

Managers are enabled to set aside time each week for employees to study important topics for personal and professional growth. This creates a culture of mental health and work/life balance by demonstrating employer commitment through actions. All of these elements add up to greater job satisfaction and higher retention.

Tapping Tech for Retention

The cybersecurity skills gap and the phenomenon of SOC analyst burnout demand urgent attention. Strengthening the technology stack for real-time response is vital. Sustainable solutions also require fostering job satisfaction through meaningful work, reducing false alerts, and enabling personal growth. IT leaders must embrace advanced tools that engender well-being to retain skilled talent and effectively address industry challenges.