Signs of analyst burnout & how SOAR can help

The Mayo Clinic defines work-related burnout as “a state of physical or emotional exhaustion that also involves a sense of reduced accomplishment and loss of personal identity.” And earlier this week, burnout was classified as a “syndrome,” according to the International Classification of Diseases, or the ICD-11, of the World Health Organization‘s (WHO) handbook that guides medical providers in diagnosing diseases. Even though it was deemed “one of the most widely discussed mental health problems in modern societies,” burnout has lacked a true diagnosis until now.

According to the ICD-11 chart, burnout is the result of “chronic workplace stress that has not been successfully managed” and is now included in the section on problems related to employment or unemployment. According to the handbook, doctors can diagnose burnout if someone has:

  1. Feelings of energy depletion or exhaustion
  2. Increased mental distance from one’s job, or feelings of negativism or cynicism related to one’s job
  3. Reduced professional efficacy

Security analysts are expected to investigate and remediate thousands of alerts in a day while keeping up with an ever-evolving threat landscape, new technology, under-staffed security operations centers (SOCs) and more. Many were attracted to this field because of the complex investigations and incident response processes associated with these challenges, but many are stuck completing menial tasks (like copy/paste) instead. The work that was once interesting is now exhausting and dull, resulting in high employee turnover industry wide.

This is bad for organizations too. Most employers hope their employees enjoy their day-to-day, but the stakes are higher with these positions. When analysts can’t keep up with alerts, when they’re exhausted from mundane tasks, and when they are left with little to no time for more in-depth investigations or proactive threat hunting, the organization is vulnerable to breaches.

So, what does analyst burnout look like? Here are some signs:


When employees are stressed about their roles or day-to-day activities, it can become impossible to unwind and relax at the end of the day. This leads to low-quality sleep. Not only can this make someone sleepy and maybe a little grumpy, some of the more dire side effects of sleep deprivation include hallucinating, trouble recalling memories and even physical fatigue and pain. Physical and mental exhaustion can also lead to a weakened immune system and depression, which makes the individual morel susceptible to the cold, flu and other infections.


A cynical attitude does not just affect the mood of the individual, it could suggest their passion and enthusiasm for the role has been spent. When a cynical attitude develops, an analyst’s trust in their colleagues may erode, and their productivity can suffer greatly.


What’s more, a cynical attitude can lead to a lesser attention to detail, which can lead to mistakes. Mistakes in cybersecurity mean vulnerabilities to the organization and customer data.

As humans, we all make mistakes from time to time, but security analysts who are burned out often repeat mistakes over and over again, as their exhaustion is affecting their capability for quick recall.

How SOAR can help

Security analysts struggle with daily alert fatigue, leading to burnout and legitimate security vulnerabilities. Swimlane helps by automating the menial tasks and empowering their teams to get back to the meaningful work they’re trained to do.

Swimlane’s security orchestration, automation and response (SOAR) platform is designed to orchestrate and automate and organization’s existing people, processes and technology. This means, analysts are able to automate the menial day-to-day tasks (like copy/paste) and freed-up to complete more in-depth, complex investigations and proactive threat hunting—which can lead to higher performance, job satisfaction and security for the organization.

*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Ellyn Kirtley. Read the original post at: