Maintaining Your Most Valuable MSSP Assets
Creating a team of skilled security professionals is the single biggest gap for businesses today. While this gap is fueling the need for managed security services, managed security service providers (MSSPs) also face the same problem.
MSSP staff members are constantly being approached by recruiters, competitors and even their customers. The value that MSSPs deliver to their customers is a direct correlation to the talented people manning their operations. How can you better keep your security operations center (SOC) analysts happy, engaged and committed for the long term? Compensation is obvious, but I want to focus on three arguably more important factors: technology, team building and enablement.
Throughout an analyst’s day, they’re touching different technologies at the customer site and in your SOC. Having access to the right tools can make the job significantly more effective and efficient, which cuts down on frustration and increases productivity.
Involve analysts in technology choices: Which threat detection technology should your customer deploy? Ask your analyst! They understand what’s effective but more importantly, which technologies make their job easier. One brand’s alerts may only show a title, but another brand may provide comprehensive access to packet data as well as additional context from threat intelligence feeds. This is even more important when evaluating SOC tools. Changing to a more cost-effective tool that your analysts hate will only result in employee attrition.
Look at automation: Many MSSPs I talk to are looking at automation to reduce costs by increasing the analyst-to-customer ratio. However, the bigger benefit is being able to reduce the amount of Level 1 work an analyst needs to perform. Analysts love working on net-new cases where they can potentially unravel a significant breach and will, in many cases, work overtime to continue to triage. The opposite is also true, where working on repetitive cases can lead to fatigue.
2. Team Building and Culture
Analysts don’t work alone. The more they can work as a team, the more effective they’ll be. The camaraderie of a team helps employees believe they’re part of something bigger than themselves. Here are some suggestions to improve working environment:
Promote joint activities outside of work
- Provide access to entertainment at the office with a focus on multiplayer activities, like ping pong
- Plan regular team-building activities, like a staff lunch
- Encourage involvement in company activities
- Rotate analysts appropriately so everyone gets a chance to participate
Encourage interaction between SOCs
- Hold regular video conference hand-offs; everyone needs to know everyone’s face
- Offer cross-SOC training opportunities
- Create options to relocate between SOCs
3. Enablement and Career
Just like any other job, a network security employee wants to grow professionally. Not only do they want to enhance their skills, but they also want the opportunity to progress to a bigger role. Unless you’re a global MSSP, the latter can be a challenge as the company structure can be very flat. Some suggestions for professional development:
Implement training and mentor programs
- Particularly for a new analyst, it can be very rewarding to learn from someone senior. Establishing mentor relationships not only allows the new analyst to grow, but can also give the senior analyst a sense of accomplishment, especially if they’re not a manager.
- Encourage and support external training activities. Sending someone to the yearly Black Hat global information security conference can be seen as a big reward, but attending smaller — and often free — vendor trainings can have similar effects.
Expand job scopes: It’s not always possible to promote an individual, but providing them unique opportunities to show off their capability can be an alternative to career progression.
- Use case walkthroughs with the team to have analysts share interesting findings. This is even better if they can share their discoveries with people outside the SOC, such as the sales team.
- Provide SOC tours to customers and have analysts walk through their daily activity and share sample cases.
- Use monthly/quarterly customer reviews (onsite or remote) to show value to customers beyond reporting and alerting.
SOC analysts are your most valuable asset. Keep them happy and your business will prosper.
Bonus: Learn more information about SonicWall’s SecureFirst partner program, which helps accelerate our partners’ ability to be thought-leaders and game-changers in the ever-evolving security landscape.