By signing up you accept the Terms of Service and Privacy Policy

How to Retain your Security Analyst

Below is an article originally written by Jerry Heinz and published on October 1, 2020, in ActZeroAI's blog. Go to ActZeroAI's company page on PowerToFly to see their open positions and learn more.

We've covered the cybersecurity hiring shortage previously. We've warned against taking this path before. Now, let's talk about what happens if you are lucky enough to hire a qualified analyst.

In short: you'll need to pull out all the stops if you want to keep them.

Why You Might Consider Hiring a Security Analyst

Hiring a security analyst often seems like the logical "next step" once your small-to-medium sized business has its antivirus and firewall up and running.

You want visibility. Visibility requires tooling. Tooling requires trained operators.

For instance, you might want an intrusion prevention system (IPS) to detect and prevent vulnerability exploits on your network. Or maybe you'd like more security information and event management (SIEM) to provide real-time analysis of security alerts. In either case, running these tools is a full-time job. Sticking with the DIY path, instead of going with a managed security service provider (MSSP) or a managed detection and response (MDR) solution, means you'll need someone in house.

Hiring top tech talent is always HARD, and this task is exacerbated by cybersecurity talent shortage. At ActZero, our process routinely takes about 3 months, 100 applicants, and 80 person-hours plus recruiter, background check, and other fees to successfully hire a single highly-qualified analyst. Each hire, though, has a crisp ROI; we understand the value an individual must provide to our organization and that understanding means we can specifically target candidates who will excel in the job that benefits us most.

With cyberattacks growing in frequency and intensity every year, boards and executives have realized cybersecurity is a business issue. As a result, competition for talent is fierce. Some estimates peg the global shortage of talent at 3.5 million unfilled cybersecurity jobs by 2021. That's a 350 percent increase in open cybersecurity positions since 2013, with no signs of slowing. Cyber professionals have their pick of amazing opportunities and therefore when you decide to hire one, you must be prepared to invest the time, effort, and money to sell your role to potential candidates.

Why They May Leave

Hiring an amazing candidate is only the first step. Those other offers that your analyst turned down to work with you are still available to them. Fail to successfully on-board, ramp-up, motivate, engage, and grow your new employee and they will quickly leave for another opportunity.

Ask yourself these questions: What is their on-boarding plan and does it have clear objectives? How do they fit into your organization? Do they have a growth plan? Can you provide all the equipment that they need to be successful? What's your budget to fill gaps in their toolchain and processes so that you can get the ROI you desire from their position?

Unless you are mindful, your analyst's day-to-day job that can quickly devolve into a slog once they are on-board. For instance, if you have invested in a SIEM (despite the challenges with SIEM discussed elsewhere), how soon before your analyst gets buried in alerts spawned by false positives that require investigation to rule out, or escalate? The vast number of alerts generated by a SIEM (especially one that hasn't been tuned optimally) requires a tremendous amount of work to manually triage.

Beyond this alert fatigue, though, burnout is a genuine concern. A single analyst can easily get stretched thin. Do you expect them to monitor your business 24-7-365? How quickly do they have to respond to a critical incident? Do they have any backup support in the event of a major attack? Can they take a vacation? Can they get sick? Answering these quality-of-life questions will help you retain your analyst, but may come at the cost of a second or third recruit.

Without a CISO or Security Director to set the stage at a policy level, an individual security analyst can be somewhat adrift within your company, without clear mandate or agenda within your organization. Perhaps an IT leader can fill this void, but I've learned through my career that they often lack the specific security knowledge to guide (and grow) analysts.

To retain your security analyst, you'll need to invest in training, conferences, certifications, and new technologies. In doing so, you essentially proceed down the complex, lengthy, and expensive path of building your own SOC, which you tried to avoid in the first place.

If your analyst ultimately decides to leave, you'll feel their departure in some major material ways. You'll experience the tangible costs to backfill and train the new hire. Worst, your employee may leave with undocumented knowledge of your systems or projects. Worst yet, if they were burnt out, they may leave a poor review of your company on a job board. Any negative publicity will impact your ability to hire a top talent backfill.

What Can You Do to Try to Keep Them?

Losing a critical employee can significantly hurt your business. There are things you can do, however, to create an environment that motivates, rewards, and ultimately retains your security analyst.

First, be honest. When you hire them, clearly articulate your expectations. Let them sign up for the job you need them to perform.

Second, provide support. If they are working, so are you. Make resources (like non-cyber members of your IT team) available to help them in a pinch. Everyone wants to feel like their leader has their back.

Next, foster open communications. Plug them into your helpdesk so that they have visibility into issues that end-users are reporting. Helpdesk can act as a filter, relaying only the actual security-related issues to your analyst. A word of caution: your helpdesk team may not know when an issue is actually an indicator of compromise. Consider cross-training to address this gap.

Then, working with IT leadership, have your security analyst develop an incident response plan. Keep in mind that a single analyst will be woefully insufficient to tackle a full-blown incident by themselves. Other business units should support this undertaking, and so you should involve operations (see our post on how they can help during a breach), customer support, PR, and others. Build playbooks and then test them through Game Day exercises in advance. For more on this, check out our Elite SMB Incident Response guide.

And finally, invest in your analyst. No one wants to feel stagnant in their role, and by helping your security analyst grow you develop a better performing and more loyal employee. Yes, you risk them leaving for somewhere else as they become more equipped, but remember what Richard Branson said: "Train people well enough so they can leave, treat them well enough so they don't want to."

How ActZero Can Help

Hiring an in-house security analyst can create a powerful asset for your business. However, if you've decided that this goal isn't achievable for your organization without massive spending on the right resources (check out our business case for more on what it actually costs to build an effective 24/7 SOC) then consider ActZero's managed detection and response (MDR) service to gain access to our exceptional people and innovative technology, for an all-inclusive low monthly fee. We strive to hire, develop, and retain the best so that you can focus on what you do best: grow your business.

Contact ActZero today to find out how you can secure your business at a price friendly to the small-to medium-sized enterprise.


How These Companies Are Celebrating Asian American and Pacific Islander Heritage Month

According to a recent study, anti-Asian hate crimes have risen 150% since the pandemic started. But these acts of violence are not new — they are part of a much larger history of anti-Asian racism and violence in the U.S.

That makes celebrating Asian American and Pacific Islander Heritage Month (which was named a month-long celebration in May by Congress in 1992 "to coincide with two important milestones in Asian/Pacific American history: the arrival in the United States of the first Japanese immigrants on May 7, 1843 and contributions of Chinese workers to the building of the transcontinental railroad, completed May 10, 1869") this year all the more important.

Autodesk, Inc.

How Embracing What She Doesn’t Know Led Autodesk’s Arezoo Riahi to a Fulfilling Career in DEI

Arezoo Riahi isn't a big fan of the "fake it till you make it" approach. She'd rather ask for the help she needs and learn from it.

Autodesk's Director of Diversity and Belonging joined the design software company from the nonprofit world after a long career in connecting people from different cultures. While her work had been deeply rooted in DEI values, there were certain parts of the strategy-building aspects to her new role that she wasn't sure about.

"If you know it, show up like you know it. If you don't know it, you shouldn't fake it. And Autodesk didn't shame me for not knowing everything. They helped me, and the entire team, by providing the resources that we needed, bringing in outside expertise to help teach us when we were in new territory," says Arezoo, who has been at Autodesk for three years now, during which she's been promoted twice into her current role.

We sat down with Arezoo to hear more about her path into DEI work, what she thinks the future of that work must include, and what advice she has for women looking to build fulfilling careers, from knowing what you don't know and beyond.

LogMeIn Inc.

Behind-the-Scenes: Sales Interview Process at LogMeIn

Get an inside look at the interview process for sales roles at LogMeIn, one of the largest SaaS companies providing remote work technology, from Michael Gagnon, Senior Manager of Corporate Account Executive Sales.

Procore Technologies Inc

How Being an Open Member of the LGBTQIA+ Community Has Helped Procore’s Alex Zinik Overcome Imposter Syndrome at Work

Alex Zinik wasn't surprised that she started her career in education—she decided she would become a teacher when she was just in third grade.

She was surprised while working as a paraeducator in the school system and preparing to become a special education teacher, she discovered that it didn't feel quite right. "I didn't know if that's what I really wanted to do," she recalls.

So a friend suggested she take a job during her off summers at construction software company Procore. She thought this would be the perfect opportunity to try out this new challenge, and if she needed to, she could go back to the school district once the summer was over.

"Five summers later, I'm still here!" she says, smiling. "And I see myself here for many more years. I just fell in love with the company, the culture, and with the career growth opportunities I was presented with."

As part of our Pride month celebrations, Alex, currently the Senior Executive Assistant to the CEO at Procore, sat down with us to share how a common fear—the fear of being found out—underlay the imposter syndrome she felt when pivoting to an industry in which she lacked experience, and the anxiety she often felt before coming out to her friends and family about her sexuality.

Read on for her insight on overcoming negative thought patterns, being yourself, and paying it forward.


The Outlook That Helps CSL’s Paula Manchester Invest in Herself and Her Team

If you told Paula Manchester that you weren't good at math, she wouldn't believe you.

"That's a global indictment," she says. "'I'm not good at math' implies that you don't have the ability to nurture that muscle. And then I'd ask what kind of math? There's a lot to math."

© Rebelmouse 2020