Top 10 challenges preventing security analysts from doing their best work (based on data)

Written by Eoin Hinchy, Co-founder & CEO, Tines

Published on March 21, 2022

This article was posted more than 18 months ago.

Security teams want to accomplish their best work — but they're being prevented from doing so.

We recently surveyed 468 full-time security analysts for our 'Voice of the SOC Analyst' report to learn more about their day-to-day workloads, successes, and concerns. What we found was that seven out of ten analysts are either somewhat or very burned out, and that six out of ten analysts want to find a new job in the next year.

This doesn't sound like analysts who feel like they're doing their best work. So what's going wrong?

At Tines, we want security teams to be happy, efficient, engaged, and dedicated to helping resolve the SOC's day-to-day challenges. So, to find out where to start making improvements, we asked analysts to name the biggest challenges that block their team's success and prevent them from having a good day at work.

Top 10 challenges preventing security analysts from doing their best work

1. They're understaffed.

The number one thing preventing security teams from doing their best work? A lack of people. But SOC analysts aren't looking for more colleagues just to have more colleagues; they likely need others to help lift the burden of too much work. As we found in our survey, analysts are spending too much time on tedious tasks. More staff will help them catch up to the present and have time to plan for the future.

2. They're spending too much time on manual tasks.

They're also spending too much time on manual tasks throughout the day, which can be mundane, repetitive, and tedious, leading to disengagement and burnout. However, many of these tasks could be easily automated to free up their time for higher-impact activities.

3. They have poor visibility into their environment.

Security teams need to be able to proactively defend their organizations, meaning they need to have visibility into their environment to detect threats or respond to other malicious activity. Yet SOC teams say they don't have that visibility, meaning that they're lacking updated resources or tools to do their job efficiently.

4. They're challenged by poor processes.

Poor processes are another factor that prevents them from doing their best work, adding friction to already time-sensitive tasks rather than streamlining the detection and response process. Security teams may also have outdated or poor processes because they're too busy handling tedious tasks to address how they operate.

5. They're getting too many alerts.

Security teams are flooded with alerts every day, which is a challenge if there are too many to handle and too many false positive alerts that need follow-up. This creates a lot of noise that keeps security analysts from seeing the true alerts that need attention, and chasing alerts keeps them from more valuable tasks.

6. They're bored.

When analysts do the same tasks over and over again during the day, only to repeat them the following day, they're bound to get bored. This challenge is also a flag for retention in that bored employees are not fully engaged with their work, which could lead to them missing something critical or handing in their notice.

7. They're experiencing leadership issues.

Another challenge for some security analysts is their leadership, who could be enforcing poor processes, failing to implement better tools for their teams, or holding different security priorities than frontline analysts. Poor leadership is also a major contributor to burnout and turnover.

8. They lack training.

Some analysts also feel that they don't have the proper training for what they should be doing, creating hurdles to successfully protecting their organization.

9. They have challenges with compliance.

Staying compliant with security standards and regulations is also a challenge, meaning that they're either having trouble keeping up with compliance or aren't sure what they need to do to reconcile their security strategy with changing regulations and standards.

10. They're dealing with clunky, outdated, or misconfigured tools.

Finally, analysts cite outdated or misconfigured tools as a challenge to performing at their best.

Facing the Challenges

SOC teams facing the myriad challenges mentioned above are not only being prevented from doing their best work. If the challenges remain unaddressed, analysts will also lose interest and be at risk of leaving due to frustration, stress, and overwhelm. The bottom line: listen to your teams and implement solutions to help them do their best work.
