How to tackle burnout at the source in the security operations center

Frontline security teams play an invaluable role in their organization’s health and success. But as cyberattacks increase and organizations face a mountain of internal and external pressures, burnout among security professionals has hit worrying levels — leaving many heading for the door.

Tines’s 2023 Voice of the SOC report recently shone a spotlight on the scale of this issue. This survey of 900 security professionals across the United States, the United Kingdom and Europe found that nearly two thirds (63%) of the respondents are experiencing some level of burnout, prompted by growing workloads, shrinking budgets and a worsening skills shortage. 

More concerning is that burned out security professionals are looking for an exit — 81% of respondents who said they were likely to switch jobs in the next year also reported feelings of burnout. This presents a huge problem for security leaders, who face the challenge of defending their organization against escalating threats with shrinking resources while simultaneously managing the internal crises of recruitment and retention.

Clearly, it’s time to step back and address the root cause of burnout in the SOC (security operations center). How do we ensure that the best defenders in our organizations are not only equipped, but also motivated to stand strong against the rising tide of cybersecurity threats? Based on data-driven insights from the report, the following four actions can help SOC teams stay ahead of the challenge.

Optimize your resources

Let’s face it — the economy throws out a lot of challenges for security leaders. From hiring freezes and layoffs to skills shortages and shrinking budgets, organizations of all sizes are grappling with uncertainty right now. In the meantime, security threats are increasing, forcing smaller teams to do more with less.

There’s a clear dichotomy in the ways businesses can bolster their resources: either ramp up hiring, or invest in better, more efficient tools. The report demonstrated that a lack of time is the number one resource preventing security professionals from doing their best work (42%), followed by budget (39%), effective tools (39%) and people (35%). While bringing more hands on deck can distribute the workload, it’s not a perfect solution. If security leaders are not empowering their teams to do their best work, they’re setting themselves — and their SOC — up for failure.

By leveraging no-code platforms to build automated workflows across systems and business units, teams can handle data more efficiently, communicate better and meet reporting requirements without unnecessary manual overhead.

Tackle burnout at the source

It’s encouraging to hear that almost all (99%) of security professionals surveyed are satisfied with their job. But if nearly two-thirds say they’re burned out, and one in five say they’re very burned out, it’s time to sit up and take notice.

The report confirms that SOC teams want to pursue high-impact work but are being held back by a handful of persistent bugbears. The data shows that some of the most common challenges include an overload of data, excessive reporting requirements and the drain of monotonous tasks that consume valuable work hours.

For a quarter of respondents, repetitive manual tasks take up more than half of their work time. Little wonder, then, that more than half of security pros cite this monotonous work as their leading source of burnout.

The silver lining here is that a lot of the routine tasks that SOC analysts grapple with daily — like monitoring, reporting, troubleshooting and communication — can be automated. And when security teams automate the mundane, they free up the practitioners to focus on valuable work that genuinely leverages their expertise, boosting their productivity and their relationship with their work.

Prioritize retention

It’s well-reported that the cybersecurity industry is laboring under a significant skills shortage: there simply aren’t enough qualified professionals to meet demand. Half of respondents in the survey said their SOC team was understaffed, while 81% said their workload had increased over the past year. Unsurprisingly, burnout is higher among professionals who feel understaffed (79%) than those who don’t (47%).

This pronounced skills shortage makes every member of a security team invaluable. If a highly skilled employee leaves, it will be difficult — and expensive — to replace them, so minimizing employee churn is mission-critical. 

While a pay increase is a reliably effective retention strategy (49% of security professionals told us so), tooling also plays a crucial role: 42% of respondents told us that modern tools with more advanced capabilities would influence their decision to stay, while 39% valued tools for automating tedious manual tasks for the same reason. Just as telling is this statistic: 93% of respondents agreed that automation in their workflow would improve their work-life balance.

Whether by paying them more or making their jobs easier, organizations need to do what it takes to keep SOC analysts happy and on board. By making the roles of SOC analysts more streamlined and less stressful, organizations can ensure their practitioners not only stay, but also thrive.

Break down silos

One clear message from the report was the challenge posed by communication barriers and data collection silos. Respondents consistently pointed to these as pain points in their day-to-day work, and these challenges are exacerbated by silos between departments and business units. 

Nearly half (49%) of the survey respondents said their workflow involved too many different consoles and tools for investigating incidents, suggesting tool consolidation is a key factor in reducing the daily burden on SOC teams. Likewise, 45% reported a lack of a unified query language for accessing data across systems, and nearly a quarter (23%) reported that teams were heavily siloed.

Inter-departmental gaps can be more than just bottlenecks; they can be major stress inducers. Streamlined workflows, clearer communication channels and integrated tools can go a long way in ensuring your SOC analysts are not bogged down by avoidable administrative hassles.

Building a resilient SOC

The report paints a clear picture of the pressures facing today’s security teams, but it also offers a roadmap to solutions. By understanding the challenges of security professionals and acting on their feedback, we can create supportive environments where teams feel valued, engaged and empowered to do their best work.

Recognizing the severity of the issue is the first step, but competitive organizations need to move quickly to address the lack of resources in their SOC — or risk negatively impacting their reputation, and their bottom line. Leaders must commit to providing their teams with the resources they need to focus on what truly matters.

To the community of security professionals, remember: no one is in this alone. The challenges are real, but with the right tools and strategies, organizations can ensure a more stable future. 

https://www.securitymagazine.com/articles/100692-how-to-tackle-burnout-at-the-source-in-the-security-operations-center