Security Operations Center (SOC) Research: Leader, Staffer Communication Disconnect?

Do company leaders and security operations center (SOC) staffers communicate effectively with one another on key issues? Maybe not so well.

SOCs are impaired, “even crippled” by perceived breakdowns in communication between leaders and staff concerning operational effectiveness and capabilities, a new study showed.

A case in point: Roughly 60 percent of the 1,000 cybersecurity professionals worldwide surveyed for Devo Technology’s third annual SOC Performance Report rated communication between leaders (senior executives, vice presidents, directors, managers) and rank-and-file employees (supervisors, technicians, contractors) as average to below average. More than one-third ranked it below average. The respondents were split into 535 leaders and 485 staffers.

Here are some findings from the cloud-native logging and security analytics platform provider's research:

  • More than 70 percent of SOC staff rate their “pain” level at seven to 10 on a scale of 10.
  • When asked, “What makes working in the SOC painful?” 70% said information overload, followed by lack of resources (58%), and inability to capture actionable intelligence (56%).
  • 63% of survey respondents said that on-the-job pain in the SOC has caused them to consider changing careers or leaving their jobs.
  • 60% said turf and silo issues are a primary barrier to success.
  • More than 40% said lack of leadership or lack of executive-level support is a major barrier to success.

As for the discrepancy in perception between leaders and staff on how the SOC is working or not working:

  • Half of leaders assessed their SOC as highly effective versus less than 40% of staff.
  • More than half of leaders lauded the investigative capabilities of their SOC, while only one-third of staffers gave it high marks.
  • In assessing the communication of SOC strategy “to the trenches,” nearly 60% ranked it as average or below average. More than one-third rated it as below average.

“The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention,” said Gunter Ollmann, Devo’s chief security officer. “Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks,” he said.

In contrast to this year’s results, last year’s report found that high-performing organizations are advancing even in the face of substantial workforce challenges.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.