Organisations have work to do if they want to attract and retain diverse talent in their security operations (SecOps) teams, according to SOC.OS and Sapio Research.
SecOps teams: Job satisfaction is low
23% or respondents said they’re struggling to incentivise, motivate and retain their SecOps teams. Budget was noted as a key source of these staffing challenges, according to a third of security leaders:
- A vicious cycle: 36% said that because SecOps teams are understaffed and overworked, job satisfaction and wellbeing is low. This inevitably leads to even more talent leaving.
- Churn: According to two-fifths (38%) of respondents, high churn also means time and money spent on training new recruits is not recouped, punching a further hole in budgets.
- Hiring issues: 38% suggested that hiring managers struggled to fully understand the requirements of SOC roles and so are not hiring from the full talent pool.
To rectify the situation and find and hold on to diverse talent, the industry should be educating younger people about their SecOps job prospects, according to over half (55%) of respondents. It should also create more transparency around career path and training opportunities, they said.
Two-fifths (41%) agreed that organisations need to remove misconceptions about required skills sets, and a similar number (39%) argued that they need to commit to avoiding unconscious bias when recruiting.
Among the essential skills identified for SecOps staff were:
- Critical thinking (66%)
- An eye for detail (58%)
- Communication and collaboration (38%, rising to 54% for organisations with 1000+ employees)
“Skills shortages are problem across the cybersecurity industry and SecOps is no different. While technology can take some of the strain off by automating processes, you still need hungry, motivated analysts to drill down into those alerts,” added Mareels.
“The new year traditionally sees a flurry of job-hunting activity, and in 2022 this will be exacerbated by the pandemic. We’re calling on employers to up their game on diversity, in order to build the skilled SecOps teams they need to protect the organisation from spiralling cyber-threats.”