Top 4 Reasons Why Analysts Quit Their Jobs
SOC analysts are on the front lines of their organization's security protocols, and are tasked with protecting valuable data from cyberattacks. Between the flood of alerts, burnout, no work/life balance, mundane tasks, and an industry skill shortage, it’s critical that CISOs find ways to retain staff.
The role of a SOC analyst isn’t an easy one. The job comes with more than just the responsibility of keeping the organization secure; it also comes with limited resources, staffing shortages, attrition, and immense mental pressure. So much so, that the average SOC analyst has a shelf life of just over two years before they leave the role.
1. Alert Fatigue and Burnout
The SOC analyst role has been described as “painful”, according to a report by the Ponemon Institute. When asked to elaborate, the surveyed analysts revealed that being on call 24/7/365 and surrounded by incessant alarms causes them to feel overwhelmed and burnt out. The more alerts they’re faced with, the more they normalize it, tolerate it, and then begin to ignore it. The reality is that the better a security analyst is at their job, the more they are needed.
The growing number of security alerts (11,000 according to Forrester Research) that the average organization deals with is not the only issue, however. Analysts have a difficult time identifying threats because they have too many indicators of compromise (IOCs) to track, too many false positives, a lack of resources and expertise, and a significant amount of traffic that needs to be compared against IOCs. This leads 53% of respondents to rate their SOC’s ability to gather evidence, investigate, and find the source of threats as ineffective.
Finally, there’s a personal component - The effects of cyberattacks extend beyond business losses — 96% of analysts are feeling significant personal impacts after cybersecurity breaches. Most analysts report longer hours, additional pressure/overnights, and added responsibility after an attack.
With no relief in sight, and the immense pressure they’re under, analysts find the job too hard to manage, and they walk away.
2. The “Rinse and Repeat, Then Do it Again” Problem
Being a security analyst is a challenging and highly specialized job. And yet, there is a lot of repetition of basic tasks that can leave intelligent professionals wanting more.
According to several studies, many junior workers who are first-time security analysts plan to leave after three (3) months and last until 18 months before they quit due to several reasons, including:
- 51% say there are too many mundane tasks.
- 45% say they are frustrated at events outside of their control but are expected to manage regardless.
- 30% say they’re unable to allocate their time effectively.
- 29% say that the SOC environment is too much of a pressure cooker
Sadly, these sentiments aren’t only reserved for the new recruits. Within the past two years, the high levels of staff churn have also involved more seasoned SOC analysts, with 48% admitting that they need to move on. The same study has found that, on average, the amount of time spent in the same SOC post, across all pay grades, is 30 months. As for their rationale, it’s a mix of increased workloads, mundane tasks or work/life balance.
- 46% have admitted that their workloads are too high due to a reduced workforce.
- 42% have found that they’re under significantly more pressure to do more.
- 40% are finding that they’re spending more time on non-productive tasks than they are on actual work.
- 34% have had their work/life balance disrupted.
All of the above can incite a security analyst to seek employment elsewhere that matches their needs.
3. There’s a Skills Shortage
In today’s industry, there is a significant cybersecurity skills gap, and it’s only been growing larger within the past four years, according to the Information Systems Security Association (ISSA). Their report states that 70% of all organizations suffer from a skills shortage, which has led to an increased workload for their existing staff, job openings that remain unfilled, and an inability to manage and utilize security technology as it’s meant to be used.
According to the NIST, there are nearly 2.72 million cybersecurity professionals that are needed globally, and some organizations have to make do with what they can get. As many as 50% of managers feel like their applicants are NOT well qualified for the positions they are applying for. And even then, 16% of respondents of an ISACA study found that on average, it takes 6+ months to fill a new cybersecurity position. So one problem is that not only are there not enough people, half of those are not even well qualified.
As well, 60% of cybersecurity professionals become proficient after 2 to 5 years of experience. This is a significant amount of time, and it’s generally due to their workloads, frequent burnouts, and the lack of time for training and proficiency. More so, according to the ISSA, 44% of analysts are solicited by a recruiter at least once a week, while 76% are approached monthly.
This highlights the need to have a flexible/balanced working environment for the analyst and the danger of remaining wide-open because one of your best analysts has left institutional knowledge retention becomes critical.
4. There’s No Growth, Professional Investment, or Guidance
In line with the skills gap and staff shortage mentioned above, there is very little investment from key decision-makers and business leaders to train or offer career guidance. As many as 68% of security staff interviewed by the ISSA said they don’t have a well-defined career path, no apprenticeship opportunities were available, nor are companies investing in upskilling their team to get more productivity.
At the analyst level, 96% believe their organization faces a significant disadvantage against cybercrime and malicious hackers because they’re not keeping up with their skills. By that same token, at least 66% say that they don’t have the time to upskill, due to their overworked and short-staffed situation. Finally, in the face of the monotonous tasks that the job entails, most analysts would welcome regular training sessions, because it keeps them engaged, challenged, and excited to work. An engaged SOC staff is a committed staff.
The reality is, however, that on average, less than one-third of the IT security budget is used to fund the SOC, so it’s not hard to see that there are significant issues from the cybersecurity front if the analysts aren’t prioritized.
How CISOs Can Turn The Tide
The reasons for the mass exodus of SecOps analysts come down to one simple factor: lack of resources. These resources are made up of qualified and trained staff, tools, training, and most of all, time. Thankfully, there is a solution - technology. Specifically, AI-Assisted Cybersecurity.
If the issue is not enough people, a lack of enough expertise to go around, and more alerts than can be handled by the average SOC team, AI can help. AI-Assisted Cybersecurity offers a hybrid approach to cybersecurity by leveraging deep learning, decision automation, and expert knowledge to codify the collective knowledge of the analyst team, streamline security operations, and reduce repetitive tasks. AI-Assisted Cybersecurity improves efficiency in security operations by integrating the expert knowledge and historical behaviors of the team within AI models.
By relying on a tool to augment your SOC team, you’re directly addressing the attrition problem. The institutional knowledge of the team is leveraged by an AI that functions as an assistance program to the staff and scales the SOC’s capacity to deal with threats and operationalize efficiency. A team that has a mix of technology tools that are constantly updated and built upon by the staff, that have their repetitive tasks managed, and their alarms addressed, is a team that can avoid alert fatigue, burnout, and remain focused, creative, and upgrade their skills to better serve the security needs of their organization.
A team with AI-Assisted Cybersecurity, such as Arcanna.ai, is a team that is committed to its security operations.