Human resource management in SOCs: here’s how to ensure the success of cyber security programs

Within the company organization, the CISO (Chief Information Security Officer) is responsible for this aspect, and the success or failure of a Security Operations (SecOps) program can depend on managing it correctly.

During a recent meeting in London with a group of CISOs from the Fortune segment, organized by two important venture capital firms specializing in cyber security, I had the chance to hear some of these professionals’ wishes, as well as some ideas on the areas of greatest focus in the departmental organization of Security Operations (SecOps). Here are some points of possible interest.

Processes can be designed and documented, and technologies purchased and implemented, but people are very often the X factor in the equation.

Anyone who has worked in SecOps knows that people can make a team extremely successful or break it up quickly. The problem is felt most in Italy, where a security analyst with a moderately advanced profile is paid their weight in gold and, more and more often, accepts offers abroad. These market offers increase in proportion to the candidate’s skills and experience.

It follows naturally that so-called employee retention, i.e. the ability of a company to retain talent with above-average skills, is a crucial factor. A CISO’s ability to retain staff is increasingly included in their KPIs, as the loss of an analyst usually has an impact both in direct economic terms and in operational risk.

It is therefore a question of managing the so-called “skill shortage” which, in the case of SecOps, relates not only to a lack of generic staff to fill a chair, but to a potential vulnerability in the organization. Let’s see how to get around this.