Our last article spoke about the need to provide belongingness to your staff. In truth, if you've ticked off most of these needs so far, you'll hopefully beat that 50% retention rate.

Your operation centre will be a good place for junior staff to work, and you'll only have to hire when your team moves on and moves up. Which is a nice feeling to have, and not all security operations centres can say that.

But if you want to break that cycle of constantly hiring new staff, you need to learn how to keep your team happy and cater to their Esteem needs.

SOCs have historically and unconsciously done this via a TIER staffing system. So you have multiple tiers of staff. Generally, these are associated with more responsible roles within the operations. A good Security Centre will have a progression pathway for these analysts to move up to the higher positions.

Staff then work towards those higher tiers, getting them those feelings of prestige. But there is a problem with relying on promotions alone to give your team this feeling of accomplishment. It tends to be short-lived, and in 6 months, that analyst will be looking for the next boost, potentially prematurely.

Another subsequent issue of having a tiered soc means you are limiting your progression and options for SOC staff, as it's almost always a one in and one out scenario.

Another factor is that progression and promotions may be governed more by HR than you as a manager, so be conscious that you can only work with what you can. If you can't offer pay rises or promotions when warranted, you will need to find a way to encourage a feeling of prestige and accomplishment.

Accreditation

One method may be to offer certifications from known trainers. If you decide to provide paid-for training, ensure it is provided to all, and if you are picking a particular provider, make sure there is enough training in scope that can cover multiple years of growth within the SOC.

SANS are an excellent training provider for blue team relevant security courses, and I'd highly recommend them. However, offering this training to the team can quickly use up any available training budget, and SANS isn't always the right option for all staff.

Sometimes it's more practical to offer cheaper courses to the junior roles, who are less likely to benefit from the more advanced SANS courses.

Here are two courses that I'd recommend for junior SOC staff if budgets don't allow for SANS courses.

However, one sure way to lose staff is not to provide training opportunities.

Training Pathways

Staff provided with a training pathway are likely to stick around longer if they know what is in their future. In addition, providing a training pathway is a great way to demonstrate to them the value of your organisation.

I've had great success with retention by offering more expensive training courses for longer serving staff members and justifying this to HR and unions by showing that the individual was completing their training pathway.

Equally, though, make sure your pathway has some flexibility; forcing analysts down a path that they don't want to walk down can quickly turn that boon of a training pathway into a reason to leave your team.

Skills Pathway

Even more beneficial than a training pathway is a skills pathway, an outlined journey of skills individuals will acquire as they stay and grow with the company.

Tie this in with both your tiered structures, your training pathways, any business operations your team performs, and your showing your staff the benefit to them, enabling that feeling of accomplishment.

Until next time!

LR