Pandemic Pushes Security Analysts to the Brink

Even when times are good, security analysts working in Security Operations Centers (SOCs) are up against it. They must stay on top of a rising tide of ever-changing threats, knowing all the while that they will be first in the firing line if a breach occurs. The COVID-19 pandemic has only made this job more difficult. New research shows morale among security staff is at an all-time low.

Almost half of first-time security analysts have experienced a reduced workforce as a result of the pandemic, slightly more than two in five have had to spend more time on non-productive tasks, and a similar number (42%) feel that pressure on the job has intensified. For a third of analysts (34%), work-life balance has been disrupted since the pandemic started.

Half of first-time analysts plan to leave after just three months in the job, according to the study, and none of them plans to stay in their current role for longer than 18 months. What’s more, across the board, nearly half (48%) of security analysts are considering leaving their role within 12 months. Across all pay grades, the average time spent in the same post is just 30 months.

The top areas of job dissatisfaction contributing to this high rate of churn are mundane tasks (51%), frustration at events beyond their control (45%), the inability to allocate time effectively (30%) and a pressure-cooker environment (29%).

CISOs, however, can take heart that there are also one or two plus points to build on. Most security analysts (66%) say they enjoy a sense of team spirit, and this is especially true of the over-35s. A large majority (96%) are able to prioritize alerts based on the risks to the organization, while a similarly high proportion (89%) enjoy a close working relationship with colleagues in other departments such as GRC or vulnerability management.

Highly automated SOCs are becoming a reality. As the volume of security threats increases, new tools are needed to manage the flood of alert data. Many SOC teams rely on Security Orchestration, Automation and Response (SOAR) platforms to provide them with actionable information. However, these tools often fall short by failing to incorporate sufficient threat intelligence and context tied to the organization’s risk. What analysts need is a clear view of the nature and severity of each alert. Armed with this intelligence, they are better able to make informed decisions about incident response priorities.

Since the pandemic began, we are seeing growing interest in automation platforms that tie threat intelligence and context to an organization’s individually tailored risk profile. Unifying the output from multiple security solutions into one easy-to-use interface saves security analysts from constantly switching their attention from platform to platform when tracking down and mitigating potential security risks. It also gives them a clear view of the nature and severity of threat alerts, helping them make fast, informed decisions about incident response priorities. Here, at least, automation is helping to ease some of the pressures of the job.
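To make the prioritization idea above concrete, here is an added example (not code from the original article, and not SIRP's or any vendor's own logic) of the enrichment-and-scoring step that a SOAR playbook performs: alerts normalized from several tools are enriched with threat-intelligence and asset-context lookups and then ranked by organizational risk rather than by the raw severity each tool assigned. The hostnames, indicators, weights and scoring formula are all constructed assumptions for illustration.

```python
"""Risk-based alert prioritisation (added example, constructed data).

Enrich normalised alerts with threat intelligence and asset context, then
rank them by organisational risk instead of by each tool's raw severity.
"""

# Constructed asset inventory: hostname -> business context (hypothetical).
ASSET_CONTEXT = {
    "pay-db-01":   {"criticality": 5, "unit": "finance",     "internet_facing": False},
    "web-edge-03": {"criticality": 4, "unit": "ecommerce",   "internet_facing": True},
    "dev-vm-17":   {"criticality": 1, "unit": "engineering", "internet_facing": False},
}

# Constructed threat-intel feed: indicator -> confidence (0..1) and tags.
THREAT_INTEL = {
    "203.0.113.45": {"confidence": 0.9, "tags": ["c2"]},
    "198.51.100.7": {"confidence": 0.3, "tags": ["scanner"]},
}

# Weight of the severity label each source tool assigned (assumed scale).
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Criticality assumed for hosts missing from the inventory, so that an
# inventory gap surfaces as a finding instead of silently dropping the alert.
UNKNOWN_ASSET_CRITICALITY = 3

# Constructed alerts already normalised from EDR, IDS and vulnerability scanner.
RAW_ALERTS = [
    {"id": "A1", "source": "edr",  "host": "dev-vm-17",    "severity": "critical", "indicator": None},
    {"id": "A2", "source": "ids",  "host": "pay-db-01",    "severity": "medium",   "indicator": "203.0.113.45"},
    {"id": "A3", "source": "ids",  "host": "web-edge-03",  "severity": "low",      "indicator": "198.51.100.7"},
    {"id": "A4", "source": "vuln", "host": "unknown-host", "severity": "high",     "indicator": None},
]


def enrich(alert):
    """Attach asset context and any threat-intel hit to a normalised alert."""
    asset = ASSET_CONTEXT.get(alert["host"])
    intel = THREAT_INTEL.get(alert["indicator"]) if alert["indicator"] else None
    return {**alert, "asset": asset, "intel": intel}


def risk_score(enriched):
    """Hypothetical score: severity x asset criticality, boosted by exposure and intel."""
    base = SEVERITY_WEIGHT[enriched["severity"]]
    asset = enriched["asset"]
    criticality = asset["criticality"] if asset else UNKNOWN_ASSET_CRITICALITY
    score = base * criticality
    if asset and asset["internet_facing"]:
        score *= 1.5                       # reachable from the internet
    if enriched["intel"]:
        score *= 1 + enriched["intel"]["confidence"]   # known-bad indicator
    return round(score, 2)


def triage(alerts):
    """Return (alert id, score, note) tuples, highest organisational risk first."""
    ranked = sorted((enrich(a) for a in alerts), key=risk_score, reverse=True)
    return [
        (e["id"], risk_score(e), "inventory-gap" if e["asset"] is None else "")
        for e in ranked
    ]


if __name__ == "__main__":
    for alert_id, score, note in triage(RAW_ALERTS):
        print(f"{alert_id}  score={score:<5} {note}")
```

With these constructed inputs the EDR alert the tool marked "critical" (A1, on a low-value dev VM) drops to the bottom of the queue, while a "medium" IDS alert on the payment database that matches a high-confidence C2 indicator (A2) comes first; the vulnerability finding on a host absent from the inventory (A4) stays in the queue and is flagged so the asset gap itself gets fixed.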

In summary, high rates of staff churn continue to plague under-pressure SOCs. The extra pressures caused by the pandemic have stretched staff to breaking point and, unless employers do something about it, many will soon leave. The double whammy of a global cyber skills shortage and the pandemic has created conditions in which good staff are difficult to keep and even more difficult to come by. Morale could be improved with better career path planning, better integration with the business and increased use of automation to reduce the number of missed or false-positive security alerts.


Faiz Shuja

Over sixteen years of experience in designing, implementing and managing secure technology infrastructures. Currently co-founder of SIRP, a Security Orchestration, Automation and Response (SOAR) platform that helps organizations manage their security operations with Incident Management, Threat Intelligence, Vulnerability Management and Risk Management modules.
