Well, Happy Labor Day everybody!! Hopefully you’re taking the day off, and
enjoying the time with family and friends.
As we are getting close to the last quarter of the year, there is one
topic I don’t think I have covered, and
that is the Secure Operations Center, or SOC.
As I mentioned in yesterday’s blog, this is where an MSP or
even an MSSP has individuals from their IT Security team closely watch the IT
and Network infrastructures of their clients.
Yea, in some ways it’s like going into the flight deck of a Boeing 787,
with all of the modern computers and screens that are present.
But that is just the image which is portrayed. I have a few friends that are MSPs also, and
they even have their own SOC, but maybe not so modern. Also as mentioned, one even has it in a
shared office space. But wherever it is
located, one thing is for sure: It is a
secure environment, and the people that are hired to watch those screens have their
clients’ full trust in their hands.
In a way, it’s like air traffic control, but rather than
guiding airplanes in and out of the runways, you are watching the flow of data
packets, and keeping track of any abnormal activity that could be present. But since really nobody talks about the people
that work in the SOC, nobody really understands the pressure that they are under.
All we keep hearing about is the burnout rate from other members
of the IT Security team and the CISOs.
But in fact, the burnout rate starts from the SOC itself. According to a recent study conducted last
year, more than 1,000+ SOC workers complained about burnout, high levels of
stress, alert fatigue, and just the sheer amount of the information and data
that needs to be processed.
Yes, there are automation tools that can help a lot with
this, but in the end, it still takes a human eye and judgment to make the final
call. More information about this study
can be seen at this link:
https://www.devo.com/resources/2021-devo-soc-performance-report/
So what can be done to help improve the employee morale at
your SOC? Here are some tips you can
deploy:
1) People always want to know how they are doing:
Whether it is in a job situation or
you are an entrepreneur (like me), you always want feedback. You always want to know if you are meeting or
surpassing expectations, and what you can do better. As a leader or a manager, always be proactive
about this. Also equally important is to be spontaneous about the feedback you are
giving. Whenever a manager scheduled a
specific meeting time, I dreaded that, because it just instilled more fear into
me. Don’t do things that way. If you have a few minutes, pull your employee aside
for a minute and tell them how things are going. Tell them what they are doing well, but equally
if not more important, tell them the areas in which they need some
improvement. But consider this as constructive
criticism. Don’t take a printed rating scale
and evaluate that way. Keep it informal,
relaxed and friendly. Also from time to
time, take your employees out to coffee or even lunch to keep the evaluation environments
changed up.
2) Consider job rotation:
This is probably even more
important now than ever before, especially in Cybersecurity. For example, once some of the employees on
your SOC team have worked consistently for about a month, pull one or two out
for about a week, and have them work in other areas of the
IT Security team. This serves some key
advantages. First, your SOC employees
will get away from being isolated in a locked room, and they will learn how to
cultivate relationships with other members.
Second, they will get a much better insight into the various processes
that go into keeping tabs on the Cyber threat landscape. Third, if somebody from your SOC team calls
in sick one day, you can bring in one of your other employees that have been
cross trained in SOC operations to fill the gap for as long as needed. So, here is an idea: Why not first start this job rotation model
with your Threat Hunter and/or Modeler?
After all, they are hired to predict what the future looks like, so why
not give them an idea of what the present looks like? That might even fine-tune their thinking
processes also.
3) Work outside of the company:
Whenever time permits, have your
SOC team work outside of the business. For example, perhaps arrange it so that
they can lead a Cyber boot camp for kids and teens to spur further interest in
Cyber. Or perhaps encourage them, if they
have time, to teach Cyber at a local junior college. Also, have them work inside other departments
of the company as well. This will give
them the chance to see what other employees are doing, and especially what their
Cyber concerns are as well. This not only
further shows to the SOC team the importance of their work, but it also fosters
teamwork across the entire organization.
But most importantly, it will help to get rid of that siloed
work environment!!!
My Thoughts On This:
Well, there you have it, 3 quick tips that you can almost
deploy starting even tomorrow. But just
a few key points to remember. First,
always treat your SOC employees with the utmost respect. At the end of the day, they are human beings
also, just like you and me, and they are no different.
If you have an issue with an employee, just don’t yell at them
in front of everybody else, as it will accomplish nothing. Instead, have a private conversation with
them, and tell them what is going on, using a constructive criticism approach.
From time to time, keep reminding your employees how important
they are, without blowing up their egos out of proportion. In this regard, taking them out to dinner or
lunch every once in a while, or even a simple gift card will suffice. Or for that matter, even a simple pat on the back
will go a long way.
Finally, as an SOC manager, don’t think it is your way or the
highway. You too are also an employee in
the company, and you have others you need to report to. So in this regard, have an open-door
policy. Let your employees tell you how
you are doing, and how the whole environment is. Try to take their feedback, and implement it.
This simply shows that you value their input also, and will
only result in a much stronger, more unified SOC team.