It is no secret that there is a global shortage of cybersecurity professionals. The independent security certification organisation (ISC)² publishes an annual report focused on the cybersecurity skills gap. Up until last year, it had consistently found a widening skills gap. However, in 2020 this gap narrowed somewhat – from a deficit of 4.07 million professionals to 3.12 million. While this is a promising trend, there is still a big gap.
In looking specifically for a Security Operations Center (SOC) analyst, the cybersecurity industry needs to think outside of the proverbial box to find professionals with the right skills to be an effective analyst.
Look from within
The most important skills to look for are critical thinking, an analytical approach to problem solving, and the ability to not lose sight of the forest for the trees – yet still see the trees. That is, candidates should not be so focused on the small details, critical as they are, that they lose a clear grasp of the bigger picture. Importantly, these types of individuals already exist in most organisations. For example, quality assurance professionals understand the entire functional and non-functional scope of an application and how that application fits in the overall enterprise ecosystem, are highly collaborative in the way they work, and are detail-oriented.
Therefore, most organisations seeking to hire SOC analysts can absolutely look within their own four walls to identify people with innate skills who are also intellectually curious and good team players. Seeking individuals from within the business also means that they will already have at least a cursory knowledge of the business, how it is run, and its values.
Don’t undervalue the person
Also bear in mind that cyber threats and adversaries are not all the same, so having SOC analysts with different backgrounds, interests, and skills may help identify different patterns or different ways of adversarial thinking. Yes, it is important to have SOC analysts with technical skills. However, the most critical part of any SOC is the people that comprise it. After all, it would be erroneous to spend significant budget on technology without the people to manage and underpin it all.
While there are no overrated skills for a SOC analyst, it is important to keep in mind that a SOC is effective because of the people, process, and technology. The people component has typically been underrated. Indeed, it is not realistic to think that every SOC analyst is going to have a 4.0 GPA in computer science, mathematics, or software engineering from a top university.
When looking to recruit a SOC analyst, keep in mind the importance of people and their uniqueness, as strength often comes from diversity.
What about certifications?
There are constant debates about the importance of certifications for a SOC analyst. While a certification may be valuable once a SOC analyst is in a particular position, focusing solely on certifications when hiring will almost certainly eliminate potential hires with strong critical thinking and analytical skills. Focusing on certifications alone significantly narrows the pool of candidates. For many, achieving certification may present a financial barrier, or there may be other reasons why they have not chosen that path.
Though it may be tempting to discard CVs from candidates who don’t have a string of letters attached to their names, actively seek out candidates with relevant experience, or those who demonstrate the desire to learn new skills with a passion for cybersecurity. For instance, have they set up any side projects? Are they involved in threat intelligence communities? Remember, the biggest threat to cybersecurity is the human element – whether internal or external, whether malicious or accidental. Therefore, in defending against that human element, don’t overlook these personal characteristics when selecting SOC analysts.