Can we prevent Security Analyst Burnout ?

Ajouter à mon PDF personnalisé

A Human Capital Model for Mitigating Security Analyst Burnout

Many organizations dedicate significant resources to security monitoring. The ability to identify threats to security depends on effective analysts so it’s troubling that this group is often characterized by high rates of burnout. Although there is clear concern about the consequences of frustration and fatigue, such as increased risk of poor judgment and turnover, little is known about what’s behind the phenomenon.

Sundaramurthy et al. worked with the security analysts from one Security Operation Center (SOC) to identify the factors behind security analyst burnout. Using an approach long accepted in anthropology, known as Grounded Theory, one researcher was embedded as an analyst in a corporate SOC – both doing and observing the job on a daily basis, with minimum interruption to the operations. The researcher took notes on their observations, which were then coded and grouped into a coherent set of findings. In this case, the findings that emerged point to analyst burnout as a human capital management issue, stemming from the interaction of human, technical, and managerial factors.

Human capital is the sum total of the knowledge, skills, and experiences of the individuals and the team. This asset must be carefully managed, alongside the other resources and operational demands of any security monitoring mandate. The human capital cycle illustrates the factors that reinforce one another in a cyclical manner. Importantly, the reinforcement can be either positive (virtuous) or negative (vicious); when skills are low, for example, an analyst might be only marginally empowered, with few creative outlets and growth opportunities. Someone with a higher level of skill, however, might be granted more opportunities, so experience an increase in their knowledge and skills.

There are several factors that intersect with this model in shaping security analysts’ enthusiasm for their work. Done right, these factors can reinforce the virtuous cycle; however, mismanaging any of these factors could contribute to the negative reinforcement of a vicious cycle.

Operational efficiency can be realised through adequate and clear communication to support cooperation. This is particularly important in organizational contexts where the analyst’s workflow is dependent on other departments with different priorities. Automation can be empowering when based on true needs identified through reflection, can permit the redirection of the analyst’s energy to less repetitive tasks and also provide a creative outlet. Performance metrics can contribute to satisfaction where measures are seen as reflecting analysts’ achievements. However, these metrics must not be relied upon for people or process management but integrated with other analyses with the understanding that metrics oversimplify and cannot capture the full extent of operational activities.

Analyst job satisfaction is integral to a sustainable security enterprise. To effectively and proactively address the issue of analyst burnout, those who select or manage security monitoring operations can watch for opportunities to have analysts contribute to planning about operations and automation, as well as decision-making about meaningful metrics. Whether in-house or externally provided, security operations must have access to effective communication and smooth workflows between departments.

Human capital management can reinforce a virtuous cycle of improvement for security analysts and prevent burnout.