No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Combatting Burnout Among IT Security Pros

Cybersecurity experts, the first responders to security incidents, arguably have more stressful jobs than their IT peers. A cybersecurity expert needs broad IT and security-specific knowledge — and there aren’t enough of these professionals to fill available positions. I first wrote about this persistent problem two years ago.
 
The U.S. isn’t the best country for cybersecurity preparedness, as I reported earlier this year in the post, “Cybersecurity Posture by Country: U.S. Not the Best.” U.S. organizations need to step up their cybersecurity efforts. The shortage of expertise is one factor; but also of interest are the pain points, turnover, and burnout of those holding cybersecurity roles.
 
CNBC earlier this year reported on how “the serious shortage of cybersecurity experts could cost companies hundreds of millions of dollars.” In the article, CNBC concluded that: 1) cybersecurity has become a significant priority for organizations, 2) there are 2.93 million cybersecurity unfilled positions around the world, and 3) the talent shortage will lead to significant financial losses because organizations don’t have the right controls or security processes for detecting, mitigating, and preventing cyberattacks.
 
Barriers to Cybersecurity Success
The study “Improving the Effectiveness of the Security Operations Center,” sponsored by Devo Technology and independently conducted by Ponemon Institute, finds the biggest barriers to SOC effectiveness are the lack of knowledge and missing visibility of an organization’s infrastructure, with an incomplete inventory of and up-to-date status on configuration and location of assets. Many organizations, especially SMBs, need to outsource security capabilities but discover the security services don’t align well with their industry and culture. There’s also a conflict between IT and line-of-business (LoB) priorities, as I’ve discussed in a previous post, “Cloud Security Concerns: IT vs. LoB.”
 
 
The main barriers to successful SOC operations
Source: Ponemon Institute/Devo Technology study, "Improving the Effectiveness of the Security Operations Center"
 
Pain Points
The single biggest problem is a burnout-inducing workload, as you can see in the image below; this leads to performance issues, reduces security effectiveness, and produces turnover. The cycle is never-ending, with fewer staff leading to further workload increases, and on and on.
 
Close behind is the lack of network visibility, followed by the requirement to be available 24/7. When alert volume is too high, some get missed and others ignored — there aren’t enough hours to respond to them. This opens the organization to threats. It also means that intrusions can go undetected for weeks and months.
 
Those Who Quit Cybersecurity
Two thirds of survey respondents reported they are likely or very likely to quit their SOC jobs. Turnover, of course, exacerbates the understaffing problem, and leads to a lack of loyalty in general among SOC employees. The stress and pain of the working conditions in a SOC limits the ability of organizations to hire and retain experienced IT security experts.
 
What makes working in the SOC so painful?
Source: Ponemon Institute/Devo Technology study, "Improving the Effectiveness of the Security Operations Center"
 
The survey respondents point out that automation and a normalized work schedule would reduce their complaints. They’re not looking for more vacation time but want workflow automation. Additional survey recommendations are:
  • Access to more best practices content, such as rules and playbooks
  • More resources
  • Assistance in prioritizing incidents and tasks from the LoB as well as IT
  • Stress management programs and psychological counseling to teach SOC staff how to cope with the stress and remain effective
 
Recommendations
Organizations are frustrated and struggle with SOC effectiveness when confronted with challenges such as budgets, lack of infrastructure visibility, and organizational culture. The limited talent pool, growing workloads, and alert fatigue cause stress that leads to a career change for many.
 
The report stressed three main points:
  • Address analyst burnout
  • Develop stronger alignment between the SOC and the LoB
  • Budget and implement security operations technologies