Five steps to prevent burnout of cybersecurity specialists
Working in a monitoring and response center (SOC) means constant stress: on the one hand, specialists search for anomalies laboriously and monotonously, day after day; on the other, they bear a huge responsibility for the safety of the company. I run the internal SOC of Kaspersky Lab, which provides the Kaspersky Managed Detection and Response service, and would like to share my experience: the specifics of the center and how I try to minimize employee stress and prevent burnout.
Step 1: form a team
The main thing is to organize the team correctly. Hire too few people and they will tire quickly; hire with a margin and they will be bored. It is important to find a balance here.
First, define the scope of work and roles. Outline tasks to be performed by in-house specialists and those that can be outsourced to third-party vendors. This will make it easier for you to calculate the required headcount. Don’t forget: outsourcing management also needs specialists.
- A SOC requires at least six employees: two monitoring specialists, one threat investigator, an architectural engineer, an administrator, and a SOC leader.
- When staff change, the load on the team will increase. Consider in advance how to mitigate the negative effects of this.
Step 2: reward employees
Motivation is the key to effective work. Of course, it is necessary to create favorable conditions for career growth and a comfortable working environment. But there are other factors that affect team motivation: for example, goal setting should be transparent, and the assessment of results should be understandable and reasonable. People strive for new professional heights, and they achieve success if they know that their work is appreciated.
- Rather than thwarting newcomers and punishing mistakes, motivate leaders and reward employee commitment.
- Create a supportive work environment. Offer employees decent wages, incentive payments, social programs, and physical activity breaks. Maintain a healthy team environment.
- Explain to employees the goals, objectives and indicators by which the company as a whole and you in particular will evaluate their work.
- Clearly outline the career path of employees: your colleagues need to know what a particular team is responsible for and what needs to be done to move to a higher or other position of interest to them. Everyone should work where he likes – only then will a specialist be able to achieve outstanding results.
Step 3: minimize stress
The work of a SOC analyst is always stressful, and it is very important to keep that stress to a minimum. Of course, you will not create a paradise, but you are quite capable of reducing the workload on your employees.
- Let them plan their time on their own. If flexible scheduling does not hinder performance (and you took care of it in the previous step), then it shouldn’t cause any problems.
- Share your opinion with colleagues and listen to them. Transparency and trust must be reciprocal.
- Support the team. Employees should feel confident in difficult situations and rely on the help of a manager or subject matter experts.
Step 4: inspire colleagues
A SOC is a team. Take time to analyze its characteristics, determine which pairings work best and which tasks they perform better than others, and build team spirit.
- From time to time, offer employees new non-standard tasks. This will not only whet their interest, but it will also help you identify their strengths and preferences.
- Define the area of responsibility of each specialist – this will give them confidence that their contribution is important and truly appreciated.
- Create an environment for professional development, including opportunities to share knowledge and participate in trainings and webinars.
- Arrange team-building events. By observing employees in an informal setting, you can discover qualities in them that can help improve team effectiveness.
Step 5: keep routine to a minimum
One of the main factors leading to burnout is routine. As I already noted, the work of SOC specialists is monotonous, and for the most part, it will not be possible to avoid routine tasks. However, you can mitigate their harmful effects by automating them or outsourcing some of them.
- Engage third-party experts to solve routine tasks when it is appropriate and effective.
- Use tools and services that simplify typical information security processes.
- Always look for new optimization opportunities. Anything that can be automated needs to be automated: don’t waste human potential on routine.
Reallocation of resources and tasks is not easy, and it will not happen by itself. While the idea of reducing workload is alluring, the most important thing is to keep employees engaged and motivated. In addition, for legal and other reasons, it will not be possible to outsource some tasks to external specialists. And where outsourcing does work out, you need to make sure that the contract with the supplier spells out not only the supplier's obligations, but also its responsibility and the consequences of a violation. As for automation, before starting it, it is important to analyze the relevant processes and user opinions, as well as identify problems in the team's work. This will help you create an effective and realistic plan.