Today's Deal
Which IT career is right for you? Take the free career exploration quiz.
You are here:
/
Home
/
Articles About Certification
/
Even Amidst Pandemic, Security Operations Remains a Realm of Negative Unemployment

Even Amidst Pandemic, Security Operations Remains a Realm of Negative Unemployment

I first heard the phrase "negative unemployment" earlier this week. It happened in the context of an interview with a senior security analyst who works for a technology firm that supplies SOAR (Security Orchestration, Automation and Response) tools to other security companies, managed security service providers, and nice chunk of the Fortune 1,000.

 

Let's call him Mr. X, and his company Xcom. When I asked Mr. X what the phrase signified, he said that it means there are more jobs open in Security Operations Centers (SOCs) around the world, than there are qualified people to fill them. "If that's not negative unemployment," he went on, "I don't know what is."

 

He observed further than anybody who worked in his organization could hit the streets today and have a new job tomorrow. "Even with the pandemic raging?" I asked. "Even with the pandemic raging," he replied.

 

Keeping Security Pros Is All About Retention Strategies

 

As it turns out, Mr. X's own company employs more than a hundred security analysts. And as his company grows, he's going to need more of them to support that growth. Thus, his company has spent a lot of time thinking about retention strategies.

 

Xcom needs not only to attract the best and brightest to fill its security analyst  jobs. It also needs to to keep those people over time as their careers grow, and their interests and goals change. This turns out to be an interesting challenge.

 

Xcom has responded by looking very seriously at what's involved in doing a security analyst's job. They've defined three tiers of security analyst positions, named Level X Security Analyst, where X can be 1, 2, or 3. For each level Xcom has a well-defined set of technical and soft skills requirements.

 

Level 1 Analysts who enter the company must complete a nine-week training course before they sit down at their desks to do the job "for real." During that nine-week period, they get trained on the nuts-and-bolts requirements involved in doing the job, and they get to shadow other people already doing the job to see how it's done in production mode.

 

They also learn how to work a security incident, when and how to escalate an incident, how to participate in after-action reporting, and most of the other day-to-day tasks and activities that a Level 1 Security Analyst faces while doing the job. Once they make the grade and start working for real, they have regular opportunities to attend training classes and to pursue various areas of security specialization.

 

Because Xcom makes heavy use of automation in its SOC, they also seek out individuals with programming or scripting skills to fill Security Analyst jobs. Their preference is for people with a basic working knowledge of Python, but for those who lack (or wish to sharpen) such skills — you guessed it — on-the-job training is available.

 

Adding Levels to Security Analyst Status

 

At Xcom, climbing from Level 1 up to Level 2, and then from Level 2 up to Level 3, requires more than "time in grade." Level "n" analysts who wish to become Level "n+1" analysts have access to a set of requirements they must meet to qualify for a level-up maneuver.

 

This includes some time-in-grade, but it also includes taking on added responsibilities during the company's quarterly security exercises. Those exercises include "red teams" and "penetration testing teams" who take on adversarial roles in foisting simulated (but deadly serious) attacks in the former, and who attempt to use all their skills and knowledge to break into Xcom's infrastructure working for the latter.

 

Certain certifications — many from the SANS GIAC program — also play into this mix, along with a roster of training classes offered through Xcom's in-house learning management system (LMS).

 

All in all, says Mr. X, the annual training budget for security analysts is around $10,000. He goes on to observe that management watches carefully to make sure that managers (and analysts) consume as much of that budget as possible. Career and career growth planning is also an important part of Xcom's annual review process for security analysts.

 

Analysts are always asked to envision themselves, three-to-five years from now, in a specific and more senior security role. Management and HR work together to make sure security analysts understand what it will take them to get from they are to where they want to be, and coordinate with them to create and manage training plans and schedules to help them on their way.

 

That's the kind of thinking that technology companies need to incorporate into their cultures and mindsets if they want to keep their people around (especially the best ones). I can understand why it's such a vital element for building and retaining security staff.

 

But it's a good model for rethinking how companies and employees collaborate to make work, life, and the world a better place to live in. All I can say is that companies and organizations that don't move themselves into this way of thinking will pay for it down the road, as their most valued employees defect to join other outfits that do this kind of thing seriously, routinely, and enthusiastically.

 

Shoot! I want to work for a company like that myself.

 

MORE HISTORIC HACKS
Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
Historic Hacks 1990s-Part 1
Historic Hacks 1990s-Part 2
Historic Hacks 2000s-Part 1
Historic Hacks 2000s-Part 2
Historic Hacks 2010s-Part 1
Historic Hacks 2010s-Part 2
"Who Invented the Computer?" Articles
Want more insight into the history of the computer? Check out Calvin's other articles in this series:
WItC? Series Introduction
WItC? Charles Babbage
WItC? Ada Lovelace
WItC? Lord Kelvin
WItC? Differential Analyzer
WItC? Vannevar Bush
WItC? Alan Turing
WItC? Tommy Flowers
WItC? John Atanasoff
WItC? The ENIAC Six
WItC? Torpedo Data
WItC? Grandma COBOL
WItC? The Transistor
WItC? TRADIC
WItC? John Backus
WItC? SAGE
WItC? The PDQ Posse
WItC? Thomas Watson Jr.
WItC? SABRE
WItC? Ben Gurley
WItC? Spacewar!
WItC? Ivan Sutherland
WItC? John G. Kemeny
WItC? Joseph Weizenbaum
WItC? Star Trek
WItC? The Rise of ATMs
WItC? Mouse Men
WItC? HAL 9000
WItC? Douglas Engelbart
WItC? DARPA
WItC? ARPANET
WItC? Unix
WItC? Floppy Disks
WItC? Gary Starkweather
WItC? Microprocessors
WItC? Dennis Ritchie and C
WItC? Norman Abramson
WItC? Nolan Bushnell
WItC? Ralph Baer
WItC? Seymour Cray
WItC? The Altair 8800
WItC? Gary Thuerk
WItC? Print Magazines
WItC? Apple II
WItC? France Telecom
WItC? Dan Bricklin
WItC? The IBM 5150
"Work on Your Wellness" Articles
Want to improve your health and live a better life? Check out Reena's other articles in this series:
WOYW: Get Enough Sleep
WOYW: Exercise
WOYW: Eat Right
WOYW: Socializing
WOYW: What's Your Hobby?
WOYW: Take a Vacation
WOYW: Setting Boundaries
WOYW: Therapy & Counseling
WOYW: Social Media
WOYW: Screen Time
WOYW: Vitamins
WOYW: Community Service
WOYW: Continuing Education
WOYW: Organization
WOYW: Reading
WOYW: Setting Goals
WOYW: Mindfulness
WOYW: Work from Home
WOYW: Walking
About the Author

Ed Tittel is a 30-plus-year computer industry veteran who's worked as a software developer, technical marketer, consultant, author, and researcher. Author of many books and articles, Ed also writes on certification topics for Tech Target, ComputerWorld and Win10.Guru. Check out his website at www.edtittel.com, where he also blogs daily on Windows 10 and 11 topics.

Privacy Policy Update
We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)
What Others are Reading
Entry-Level Certified in Cybersecurity (CC) Credential Is Catching on Fast
Gigging for a Living: The Six Best Places to Look for Freelance IT Work
Work On Your Wellness: Setting Goals
Who Invented the Computer? Norman Abramson and ALOHAnet
The ChatGPT Gold Rush Is On: Training and Certificate Options Abound
More in 
Articles
Popular Quizzes
A+ Practice Quiz: 220-1102 Quiz 20
Microsoft Office Specialist Practice Quiz: Excel Expert Quiz 1
Microsoft Certified Practice Quiz: Windows Server Hybrid Administrator Associate (Core: AZ-800) Quiz 12
Linux+ Practice Quiz: XK0-005 Quiz 10
Tableau Quiz 1
More in 
Quizzes
Advertise
|
Contact Us
|
Terms
|
Privacy

Copyright © 2023 TestOut Corp. Copyright © CompTIA, Inc. All Rights Reserved.
Use of this web site constitutes acceptance of the GoCertify Terms of Use and Privacy Policy.

sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |