How to build a better SOC team
The security skills shortage is a very real issue. Cisco estimates that there are currently one million unfilled cyber security jobs worldwide, while a report from Frost & Sullivan predicts that by 2020, the number will be 1.5 million. The security industry is only growing – and fast. IDC says it’s on its way to becoming a $101 billion opportunity by 2020.
There’s no scarcity of discussion around the reasons for this skills shortage or ideas for how we can narrow the gap. Few discussions, however, take an honest look at the contrasting career paths of veteran security pros and the junior security specialists of today – and how that contrast is only compounding challenges.
Today’s seasoned security professionals come from a bygone era when they started out as network practitioners and then worked their way through different areas of IT – working on desktops, managing data center networks, overseeing network architecture and then pivoting to security. The career route today’s veteran security pros navigated gave them a holistic understanding of how security practices and architectures are dependent on the network, and that real-time network context is core to detecting threats and speeding remediation.
This holistic understanding of the interconnected relationship between security and the network has been beneficial to veteran security pros, as they go up against nimble cyber security adversaries who come armed with a comprehensive knowledge of the network that they have, themselves, learned through their attempts to compromise IT systems in multiple ways.
Nowadays, most junior security professionals come right out of college with four-year degrees in computer science that have given them a solid security foundation. What they lack, however, is the foundational and practitioner knowledge of the networking side of things.
The result: SOC team overload
The skills gap and differing career paths of veteran security pros and junior security professionals come together to create the perfect storm – leading to security operations center (SOC) team overload and fatigue where there is an overreliance on one or two security experts and veterans that end up firefighting more than threat hunting. This, in turn, leaves companies more vulnerable and can potentially lead to serious consequences for the business. A recent report by McAfee found that one in three participants say the cyber security skills shortage makes them prime hacking targets; one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.
What can organizations do to alleviate the strain on their security professionals, better protect the business and – most importantly – build a better SOC team?
1. Look for a broader skillset
When recruiting cyber security talent, it’s now the norm to inject new talent with college degrees and certifications in security. But if we can learn anything from the career paths that many current security pros took, it’s that going the pure-play security route with little network knowledge or practice often isn’t optimal for a junior security analyst.
Be open to tech talent from other areas of IT, especially with hands-on network and desktop/server experience – understanding that while they may initially need some security training, their skillset and broader organizational knowledge may ultimately bring unforeseen value to your SOC team. You should also be open to candidates that didn’t make the traditional choice to attend a four-year college. Plenty of talent is cultivated through self-taught tech skills or being actively involved in the open source community. Hands-on experience with real-world problems, versus just classroom exercises, really does shorten the ramp-up time and improve effectiveness.
2. Invest in post-degree training in networking
It’s not unusual for junior members of the team to look to senior members for guidance. The negative effect of this is that senior members are stuck fighting fires that junior team members can’t handle on their own, and so don’t have the time to focus on their own responsibilities.
Smart organizations will invest in post-degree training in networking. Participating in hands-on labs and workshops will help junior members augment the security skills they learned in school with a better understanding of the network fundamentals. Investing in junior staff in this way will not only alleviate some of the burden from senior members of your SOC team, but will also motivate junior members of the team and make them feel like the organization is taking an active role in their career development. It will put them on the right path to one day have the same varied skillset as the senior members of the team.
3. Invest in technology that provides better network visibility and context
The two tips above won’t make noticeable changes for your SOC team overnight. But one thing that will bring about change more quickly is to invest in tools that provide the knowledge about the network needed to fill in that skills gap. That extra context, combined with better automation, can help junior security analysts and IT members better see the correlation between security events and the network impact, for better identification and remediation. Certainly, as they work with network teams, it provides them with much more usable information to better address changes required prior to a breach, as well as to plug holes more quickly afterward to avoid a repeat.
Today’s organizations’ IT infrastructure is spread across an increasingly dynamic environment (cloud, virtual, on-premises, mobile and IoT devices). Realities around bring your own device (BYOD), more newly networked devices (IoT) and shadow IT only add to the complexity. As the attack surface grows, your SOC team is tasked with a challenging imperative.
SOC teams need to have an understanding of the full network – all connections and devices within the network. They need full visibility into those networks – and into the activity and changes taking place on them as changes happen. Certainly, the dynamic nature of network endpoints, including VMs, makes it critical to be able to see changes in real time as they occur. Investing in tools that provide wide-ranging network situational analysis, and that work with current security stacks to augment knowledge, analysis and automation of tasks, makes the work easier for a SOC team with a full range of experience and skills, and will reduce the strain on veterans and top-tier analysts.
The security skills shortage may be placing an undue burden on your SOC team, but there are steps you can take as an organization to relieve some of the challenges. Remember that not all talented security professionals follow the same path. Provide post-degree training in networking to junior staff members to vary their skillset and help with their career development. And invest in technologies that will automate tasks while also providing greater context and visibility so that your SOC team is able to more successfully go up against today’s cyber security adversaries.