Measuring ROI for something like a security orchestration, automation and response (SOAR) solution within a security operations center (SOC) goes beyond saved time and prevented breaches. There’s a human element.
I sat down with Rebekah Wilke, the latest addition to our Swimlane family, to discuss that human element and explore the emerging landscape of security as a service.
In her previous role, Wilke managed security services, leading a national team of analysts, engineers, incident responders and managers who secure some of the most high-profile networks in the federal, financial, commercial and utility industries. She is passionate about building effective teams comprised of innovative, security thought leaders who are similarly passionate about what they do—both inside and outside of work.
In the Q&A that follows, Wilke explains why she believes team building—which effects overall SOC morale—is a critical component to measuring ROI for a security team or any team working within an enterprise.
Emma Furtado: In your previous roles, how would you measure the effectiveness of your team? What metrics would you use?
Rebekah Wilke: Over time, I’ve learned that you can’t manage what you can’t measure. With that said, there are creative ways to determine how an effective team is performing. Instead of using metrics to determine team performance, I find it beneficial to tie culture and morale to the overall output of the team. For example, helpfulness was a “metric” that I often used when looking at the team as a whole. Helpfulness is important for fostering a culture of teamwork that allows the group to perform better when tackling difficult tasks.
Another measurement that I paid close attention to was initiative. It’s nice when those you work with ask what’s needed and where they can help. It’s even nicer when they see a need and take steps to meet it on their own. An employee that takes initiative is definitely a sign of team satisfaction and engagement. Looking at team members who take initiative is also important for growing businesses or for rapidly changing workplaces that require people who can adapt and be proactive.
Furtado: How would you quantify ROI for board members or senior leadership?
Wilke: That is like hitting a moving target. By staying in tune with and evaluating the needs of the leadership team, there were several key areas that we employed:
- Identify opportunities for improvement.
- Demonstrate value in terms that actually resonate with the leadership team.
- Build confidence in the team’s ability to contribute to the overall organization’s vision.
- Provide executive leadership the transparency to see the impact of all programs and how they benefit team success and hurdles.
Every day was a balance of the costs and benefits of what we did and how we did it. Organizations, large and small, have finite resources, and learning to balance costs and benefits is a clear path to using resources wisely and efficiently.
Furtado: How do you keep a diverse set of skills within a team?
Wilke: Listening. Hear what your mid-level managers are saying, and hear what the guys and gals in the trenches are telling you. Determine where the talent deficits are, prioritize them and act. If your team sees management fighting for them, it bolsters the sense that “we are all in this fight together.”
Furtado: How do you keep teams working together instead of in silos?
Wilke: I think this is summed up with one word: relationships. Meaningful relationship building outside of the naturally-created silos gradually dilutes the strength of those barriers. I’ve found over time that this improves trust and willingness to share information regularly. Bottom line, if everyone is working towards the same goal and clearly understand their particular role, the ship moves in the right direction.
To break it down:
- Create a unified vision and culture.
- Work towards achieving a common goal.
- Motivate and incentivize.
- Execute and collaborate. Then create.
Furtado: What advice would you give to a SOC manager struggling to justify additional personnel?
Wilke: Overworked employees are stressed, which usually results in less productivity and decreased profits. New hires can alleviate the workload and boost morale among existing team members, which helps get overall motivation back on track. I think a simple, internal, off-the-record audit of the staff’s workload can be a useful method for supporting a case that more help is needed. I would often use this to prove how my plan would relieve the existing team’s workload, garnering higher efficiencies.
Secondly, I would make sure that I was aligned with the organization’s strategic direction. This would give my business case the proper footing relative to the overall financial metrics—real information from real data.
Finally, I would often focus on revenue impact: If we were understaffed, what were overtime costs? If the team was overworked, what was the cost associated with turnover? Recruiting costs can often become a major distraction and a heavy burden on teams and the enterprise as a whole. Essentially, I would make the case for the SOC manager to help the C-suite by moving hiring initiatives from the cost column to the profit column.
Furtado: Can you create change without disrupting processes?
Wilke: You don’t; I think part of the reason to create change is to disrupt the process. We often see larger organizations bogged down in processes and procedures, which stifles them from being agile and innovative. I think this is one of the largest hurdles I faced as my team grew. We often bantered about the operation being like a complex Rubik’s cube—Erno Rubik’s purpose in developing the Cube was solving the structural problems of moving all the parts independently without the entire mechanism falling apart.
Furtado: What advice would you give to other managers who want to scale their security teams?
Wilke: Don’t be afraid to delegate and to surround yourself with people who are smarter than you.
Furtado: How do you keep your team passionate and engaged in their work? What about preventing burnout?
Wilke: First, I think it’s important to understand some of the signs of fading work passion. Once you understand some of the symptoms, you can develop unique ways to keep your team engaged. For instance, the fear of making mistakes can be stifling for security teams. I strongly believe that harnessing a culture that challenges employees to take risks and discuss missteps encourages innovative thinking and problem solving.
Another red flag is when team members stop helping each other. It’s extremely important that healthy collaboration, mentorship and guidance becomes ingrained into the team’s core value system. Keeping passion alive is a constant, ever-changing process that requires care and attention. One success I’ve found with leadership teams is simply getting to know each other and celebrating milestones together. Fostering healthy connections with colleagues builds trust that ultimately finds its way back to the workspace.
*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Emma Furtado. Read the original post at: https://swimlane.com/blog/culture-morale-roi-for-soc/