Managing a SOC in a Time of Crisis
Earlier this year, the World Health Organization (WHO) recognized burnout as a syndrome resulting from “chronic workplace stress that has not been successfully managed.”
Security analysts are known for being at a high risk for burnout, which can lead to mistakes and increased vulnerability for the organization. As a former security operations center (SOC) analyst, I remember all too vividly the long shifts, the constant influx of alerts, the minimal room for error, and never seeming to have enough resources to do the job.
In the time since my days on the front lines of security, these issues have only been exacerbated by more alerts being generated by the myriad of threat detection and prevention tools that teams must leverage, an evolving and growing surface area to protect, increasingly sophisticated bad actors, and a massive cybersecurity skills shortage. If all of that isn’t stressful enough, today’s security analyst is often working from home and trying to manage personal stress in an unprecedented situation.
In the wake of a global pandemic and civil unrest across the United States—and the world—we are all consuming a lot of information. Some of it is work-related, but a lot of it is not, and bad actors are taking advantage.
For example, we have seen a huge increase in the number of phishing emails exploiting our trust relationships with organizations like the U.S. Centers for Disease Control and Prevention (CDC), the WHO, and state and local governments.
But it’s not just the constant phishing attempts that are challenging, it’s the fact that adversaries know we are distracted. We are watching what’s happening around the world, trying to homeschool our kids, and helping our parents—or significant others—all while many businesses are in the fights of their lives. With so much going on both personally and professionally, the risk for burnout is higher than ever.
What Do You Do?
The number one way to begin conquering burnout within your own team is to increase its efficiency and overall effectiveness. If I were managing a SOC right now, before assessing new solutions or vendors I would ask these three questions:
1. How do you set people up for success and reduce opportunities for mistakes?
2. How do you ensure work is being done in a consistent and repeatable way?
3. How do you make sure the work that has to get done is actually getting done?
In short, focus on what you have to do and make sure the processes you must execute are effective, efficient, and have guardrails for an inevitably distracted team.
How Do You Accomplish This?
Start small. Define your incident response processes with documented standard operating procedures. Identify simple workflows or manual tasks that can be automated now. Set target metrics and key performance indicators, and generate real-time reports to track progress so you can pivot when necessary.
Automation is a crucial tool that can help increase the overall efficacy of your SOC. When it is combined with strong processes and documented procedures, your team is set up for success—minimizing stress and maximizing productivity.
Cody Cornell is co-founder and CEO of Swimlane.