11 things you might not know about security operations center burnout

Managers and industry leaders are beginning to address mental health in the IT world - and here are symptoms to look for and solutions to try.

Managers, industry experts, and IT professionals are starting to replace the tough guy image of the IT security world with something healthier.

Black Hat USA introduced mental wellness sessions in 2018, the theme of RSA 2020 is "The Human Element," and a new e-book challenges companies to address burnout in security operations centers.

Dan Kaplan, director of content at Siemplify, wrote "The Art of Recognizing and Surviving SOC Burnout: A Complete Manual for Security Operations Professionals." The two-part e-book includes a test to measure personal burnout and lots of advice on how to cope with and avoid the problem. The e-book has advice from a Redditor, senior security architects, and experts from the National Academy of Medicine. 

Security operations analysts at all levels, engineers, architects, and managers in the enterprise or a managed security services provider can find something helpful in this e-book. 

This synopsis highlights what symptoms to look out for, what's different about stress in security operations centers, and how team members and leaders can change their ways to create a healthier work environment and still defend the security perimeter.

Three types of burnout

Stress may look the same from the outside, but there are different causes and results of overload at work. Here are the three main types of burnout:

  1. Frenetic burnout - This is what happens to a typical "workaholic" who pushes themselves to the point of exhaustion to succeed at all costs.
  2. Boredom burnout - This is often caused by monotonous and unexciting work environments and results in indifference.
  3. Worn-out burnout - People in this group have lost all motivation and feel detached from their work due to overwhelming stress and lack of appreciation.

It's easy to dismiss these feelings as fatigue or a bad mood, but researchers have found ways to measure burnout in individuals.

The Maslach Burnout Inventory measures emotional exhaustion, depersonalization, and levels of personal accomplishment. If work is high stress for too long, people feel exhausted and disconnected from work, which inevitably affects productivity and quality of life.  

Why is it worse in the SOC?

Most people working in IT have more tasks than hours in the day and not enough colleagues for sharing the load.

There are three pressures that are unique to security operations centers. Amanda Berlin, CEO of Mental Health Hackers and a senior security architect at a threat detection vendor, listed three workplace factors that can contribute to burnout.

  1. Being a cost center - Security operations don't bring in revenue but they are vital to doing business. This means tight budgets and less-than-ideal working conditions. Although this kind of thinking has started to change, many SOC analysts still don't have much influence in operational decisions.
  2. Working in dark corners - Humans need natural light to function properly and office workers who have a window to the outside are actually more productive than people who don't. Security operations centers are often in basement rooms or cramped quarters. This kind of physical environment combined with shift work and constant exposure to LED screens and artificial light takes a mental toll.
  3. Dealing with data overload - Enterprise Strategy Group estimates that companies use about 50 security tools from 10 vendors to identify, investigate, and analyze threats. Security analysts face alert overload and high numbers of false positives. On top of all that, doing the same manual tasks over and over again is boring. These conflicting factors are a perfect recipe for physical, emotional and behavioral burnout. 

Advice for employees and managers

Here are three tips for people on the security team and two for people leading the group.

  1. Turn off email and mute Slack - Humans are not meant to multitask. One tactic for coping with the ongoing interruptions of email and IM is to turn off both for 45 minutes every hour. Focus on one task for an uninterrupted stretch of time and then spend 15 minutes on email. 
  2. Accept your boss as a flawed, imperfect person - If you can change your perspective on your manager, you can reduce a big source of stress. Managers can always do better, but it's pointless to hold them to an impossible standard. The SOC team leader is probably as stressed as everyone else. 
  3. Hand out compliments - Workplace relationship psychologist Paul White polled 130,000 workers and found nearly two-thirds hadn't received positive feedback in the past 12 months. Taking time to show gratitude builds better relationships with co-workers and is a small way to balance out the more negative elements of work. Think back on your week and find a reason to say "Thanks," or "Well done" to a colleague. This may take a little practice, and sticky notes work just as well as a face-to-face conversation.

Just as employees can change their own ways, managers also need to start doing things differently to reduce stress levels and the risk of burnout.

  1. Require real vacations - Companies that want to reduce burnout should encourage employees to use up every day of vacation time, not make people feel guilty about taking time off. Managers should also set an example of disconnecting during PTO and staying off email.
  2. Incentivize managers - Another way to reinforce the importance of avoiding burnout is to make team leaders more accountable for the mental health of their team members. This means establishing incentives to avoid burnout instead of encouraging it. Leaders who bring in extra resources when the team is overwhelmed or give positive recognition for work well done should be rewarded for those efforts.

Jesse Emerson, vice president of managed security services at Trustwave, also recommends scheduling analysts for no more than four hours "on console" and building task rotations into these shifts to create variety and avoid boredom burnout.

Stress researcher Hans Selye identified three distinct stages that the body goes through when experiencing stress, something that most IT security professionals experience on a daily basis.

Image: Siemplify