Five Ways to Chase Away Your Best Security Analysts

One topic of conversation that surfaces quite regularly is the skills gap and critical staffing shortage present in the security field. From the data points I’ve been able to gather, this need is felt most acutely in the security operations and incident response space.

Organizations simply cannot find and hold onto enough qualified security analysts. In the past, I’ve written in other publications regarding the topic of identifying, recruiting, and training potential security talent. I won’t rehash these points here, though I’d like to take a look at another piece of the human resource puzzle. Once we successfully manage to bring new talent into our organization, our focus necessarily turns to retention.

I would posit that retaining the talent we work so hard to acquire and train is just as important as finding that talent in the first place. Unfortunately, retention is an area that many organizations struggle with. It is certainly every organization’s intention to retain valuable and scarce talent, but in practice, this turns out to be extremely difficult for most organizations. Why is that? There are many potential angles from which it is possible to approach this question. Let’s take a look at the question from the perspective of several points that, in my experience, have caused talented analysts to flee organizations. This approach may be a bit of an unconventional manner in which to communicate the challenges, but I am hopeful that it will succeed in that endeavor.

It was through a “Fast Company” article entitled “10 Ways to Lose Your Best Employees” originally published in October 2013 that I found my inspiration for this piece. The article provides an interesting perspective on how companies sometimes drive away their best talent. I thought it might be interesting to take a look at this concept from a security operations and incident response perspective. During the course of my career, I have seen organizations make mistakes that have cost them their best analysts. My hope is that this piece will help organizations identify ways in which they can improve in order to retain their best talent. Here are my thoughts on “Five Ways to Chase Away Your Best Analysts”:

1. Put a jerk or an idiot in charge: This concept is fairly universal, and was listed in the original Fast Company article as well. Studies have shown time and time again that the manager has the most direct effect on an employee’s happiness. Security operations is a serious business with serious consequences, and it is one that deserves a serious leader. Think twice before you crown a leader who can’t spell incident response, or who has no incident response or security operations experience. An analyst who needs to take time away from important work to give remedial security lessons to his or her “leader” is not going to be a happy analyst.

2. Deliver technology that doesn’t work: In the heat of an incident response, key stakeholders need answers, and they need them fast. An experienced analyst knows how to interrogate the data to answer the tough questions of the day. Want to infuriate your best analysts? Provide them with technology that fights them and swims against the workflow, rather than technology that supports the mission. That is another great way to bring about that resignation letter.

3. Micro-manage incident response: During an incident response, management has the best intentions and wants to do what’s best for the organization. But management may be several years removed from the operational realities and best practices of the day. The role of management during incident response is to ask tough questions that need to be answered, and then to step back and let the analysts/incident responders go about doing the work required to answer those questions. More often than not, in my experience, management micro-manages incident response. This causes valuable analyst cycles to be wasted in pursuits that are less value-added or potentially off task. Remember, there are a lot of ideas or thoughts that may seem good in theory, but experience and practice have shown that they are a dead-end. The best analysts know this, and management can empower them by focusing them on high-level objectives and then letting them get to work.

4. Value body heat over grey matter: It’s an unfortunate reality that office environments are sometimes political and require self-promotion. The best analysts are generally apolitical and spend most of their time hard at work, rather than tooting their own horn. Management can help them by presenting, representing, and communicating their efforts and accomplishments to leadership. Want to step in and take credit for the hard work your best analysts are doing to make yourself look good? Kiss those analysts goodbye.

5. Don’t match your actions to your words: Analysts are, not surprisingly, analytical by nature. Actions speak louder than words, and analysts can see through words that are not matched by action. If your security operations program is a priority, then make it so through action. Simply speaking to it as a priority without matching that talk with action will cause your best analysts to look elsewhere for a better fit.

Security operations and incident response are already a high priority or are quickly becoming a high priority for almost every organization. There is simply not enough experienced analytical talent to meet the demands of the field. Given this constraint, it is perhaps helpful to understand the mistakes of others and to look at making your organization more attractive to hard-to-find and harder-to-retain analytical talent. Through highlighting common mistakes organizations often make, I hope to educate organizations as to how they can avoid making those same mistakes. In the end, I believe that this will help organizations with the retention problem they often struggle with.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
