By Jody Caldwell
Workplaces create stress – it’s an unfortunate fact of life – work is stressful. Stress isn’t even terribly complicated. People stress out when they believe that demands outstrip their resources or know-how.
There’s a difference between feeling pressure and feeling anxiety. Sometimes being “under pressure” is positive, because it’s a challenge that ultimately provides an employee a sense of accomplishment. Sometimes it even yields an iconic collaboration between David Bowie and Freddie Mercury.
While employees may be willing to accept pressure, they shouldn’t be forced to accept anxiety. Too much or too-difficult work can lead to long-term worry, which rarely leads to higher productivity. Whether feeling stressed due to lack of personal efficiency, proper training, collegial appreciation or even systemic dysfunctions, too much pressure can quickly escalate to manifest harmful physical and emotional reactions.
Despite coffee mugs regularly shouting from the shelf that “the grind never stops”, habitual stress puts the human body in an endless fight-or-flight response mode, elevating blood pressure, increasing the heart rate and straining the body and mind. Just ask Dr. Bruce Banner. While security analysts won’t gain super-strength from super-stress, they may turn a shade of green: workers who are under constant pressure get sick more easily, are more irritable, and have a harder time concentrating.
For security pros, such stress and anxiety have become a daily fixture, leading to an alarmingly high degree of burnout. Talent attrition is an enormous problem within the industry. Even more worrisome, ESG has found that 68% of cybersecurity professionals believe that a cybersecurity career can be taxing on the balance between one’s personal and professional life.
Given the rise of mental health awareness, companies are now alarmed about the consequences of their security experts taking the pressure of their jobs home with them. Many places of business are searching for solutions to mitigate the effects of stress like substance abuse and major depression. But companies need to go beyond providing employees with massage chairs, napping rooms, and fur-ternity leave, and equip them with the necessary tools to manage the demands of their roles.
Security analysts are inundated with more data than ever. Ostensibly, this is a good thing as it means access to a larger collection of threat indicators. At some point, though, more data starts to become too much data. Teams have to manage feeds and data inflow from multiple intelligence providers and open-source providers. Tickets and events come up tens or hundreds of times a day, raising frequent and false alarm bells that unnecessarily spike the heart rate of analysts, or worse, inure them to a threat. SIEMs have been helpful in monitoring the network by collecting and correlating the data, but they still require an analyst to follow up by researching the event, determining the relevant action to be taken, and ultimately submitting the ticket.
There’s no question this is real but silent suffering in security. Providing triage to so many alerts is a tedious and mind-numbing task with little reward and a lot of risks. When the demands are greater than the supply of attention an analyst can provide, things begin to fall between the cracks. An overload of expectations in combination with inefficient solutions may prevent employees from being productive. In some cases, people faced with this strain avoid dealing with a problem entirely, which may worsen the situation and increase tension for them and others around them. Drawing upon a useful axiom, even information is best in moderation.
Organizations can help prevent their IT and cybersecurity professionals from becoming either anxious from or desensitized to alerts, warnings, and notifications by shedding manual processes and using platforms that have been invented from the start with the cyber team in mind. In doing so, they can solve an immediate business problem and prevent a future one – employee retention issues.
Put Some Things on Auto-Pilot
When a job becomes overly tedious and manual, it frustrates valued talent. Security teams are driven by highly intelligent individuals who are rarely happy performing monotonous tasks like North Pole elves in a holiday movie. Companies can save their talent from spending the majority of their days copying and pasting between spreadsheets and tools through tailored automation, often called playbooks. Playbooks are most widely known in the world of sports as a collection of strategies and plays that a team has practiced and could potentially run during a game. There are parallels to this in the world of IT: tasks that are common across organizations and can be managed through automation that efficiently processes data, creates intelligence and pushes it out to security teams or defensive tools. In short, when it comes to security teams, we’re telling you to put them in, coach.
The resulting time savings free up analysts to focus on more complex work that requires their intellects. Instead of worrying about submitting tickets to a firewall team or stressing out with each and every alert that comes up, they can spend more time on higher-level threats and solutions – things that can’t be automated.
Some security analysts endure the mental strain that comes with working on tasks without adequate training. 62% of cybersecurity professionals believe that their organization is not providing an adequate level of training for them to keep up with IT risks. That’s like giving half of Hogwarts a pool noodle to fight Voldemort.
While companies trust cybersecurity teams with the entirety of their data, analysts’ current roles don’t allow time for more sophisticated cybersecurity education—setting both parties up for disappointment when a lack of education slows the response time for the inevitable breach. Businesses keep security analysts busy with boring and redundant tasks yet expect them to save the day when issues of higher complexity come knocking.
Frustration can easily occur when being forced to make decisions without being properly informed; just ask anyone with only a selfie to go off of when deciding whether to go on a date with their Tinder match. An integrated cybersecurity platform is like getting a friend’s opinion of all of your dating-app matches: it can reduce guessing and provide context for threat data, resulting in better outcomes. One of the many benefits of a SOAR (Security Orchestration, Automation and Response) platform is that it automatically ingests all of the internal data and external threats. It then normalizes the information to be easily understood by each user role.
The Well-Being Supply Chain
Security analysts are among the most highly educated employees in many companies, endowed with unique skill sets not found elsewhere within most organizations. Forcing these individuals to spend their time completing repetitive tasks while trying to prepare for the unknown is difficult enough. Mr. Miyagi’s method of preparing a child to fight by having them tediously wax his car is a training technique that only works in The Karate Kid. Outside the cinematic universe, adding the requirement to prove one’s worth without tools to do so can truly weigh heavily on one’s mental health. It also turns them into less effective collaborators with their supervisors.
SOAR platforms can help to alleviate stress further up the chain of command as well. Being able to show ROI is crucial for those feeling the constant anxiety of demonstrating their worth. Supervisors in the IT field have long been plagued by accountability and attribution problems with respect to proving their value – it’s difficult to attach a dollar value to the downtime that never happened.
By nature, security teams are not revenue-generating, but they’re designed to protect the business services that do. When a cybersecurity team is successful in achieving zero downtime, nobody notices, so for those looking in from the outside, it can be difficult to measure the value a security analyst brings to a company. When security analysts are able to easily demonstrate return on investment, they no longer struggle to procure future resources that could be critical for the continued success of security operations, and even for the company as a whole.
From the perspective of those tasked with overseeing the structure of a company and the use of its resources, empowering the cybersecurity team to better orchestrate and automate its routine and high-stress tasks only makes sense. It’s also simply the more ethical approach – with better tools available thanks to SOAR platforms, there’s simply no reason to continue subjecting our colleagues and team members to unnecessary stress.
About the Author
Jody Caldwell is the Sr. Director of Customer Success for ThreatConnect. Previously, he spent time in both the DoD and the Intelligence Community working with Network Security Operations Centers (NSOC) and Computer Emergency Response Teams (CERTs) in a variety of positions that include cyber threat analysis and leading cyber threat hunt teams. Jody’s passionate about working with customers to strengthen security programs and leverage cyber threat intelligence to enhance their awareness while mitigating risks. Jody lives in Charleston, SC and enjoys boating and golfing.