What does the rise of remote security operations centers (SOCs) mean for cybersecurity jobs? The longer people work from home during the pandemic, the more they rate remote working a success for their companies. While companies of all sizes are still working out the details of what the return to work looks like, the consensus is overall the same — the pandemic forever changed how and where we work. At first glance, it’s easy to assume that highly collaborative positions, such as SOC analyst, will return to the office full time. After all, they relied on physical infrastructure before. However, as many companies plan their post-COVID-19 workforce, many expect to keep using a hybrid or remote SOC. This mirrors the pattern of the workforce at large.

In June 2020, 73% of employees and employers rated remote work as overall positive in the PwC Remote Work Survey. A January 2021 survey of the same people found an increase of 10% to 83% positivity. In addition, in January 2021, 52% of employers reported they were more productive during remote work, up from 44% in June. What does this mean for the ways we work?

How the Remote SOC Adds New Challenges

According to the State of Remote Security Operations report, 26% of respondents report that it will be a year or longer before their teams return to the office, or that their SecOps team does not ever intend to return. While some experts were concerned about the effects of remote work on employees, the survey found that 31% of employees reported their morale did not change and 39% reported their SOC morale improved.

However, working from a remote SOC presents additional challenges for SecOps teams. The biggest is the increase in cybersecurity threats since the pandemic began. The report found that alert volume is higher than before the pandemic, while investigating suspicious alerts is more challenging when working remotely. Likely adding to this is the fact that working with peers is more difficult (47%) and that problem solving and alert handling are harder from home.

How to Overcome Long-term Remote SOC Working Challenges

Remote work comes with some major benefits, such as higher morale and productivity. Therefore, team leaders should work to design a remote SOC model that helps overcome the challenges while gaining the benefits of having a remote team.

Recruiting and Career Path

With remote teams, SecOps no longer must select the best person for the position — either internally or externally — based on location, but can look for the best person overall. This can increase a company’s overall cybersecurity both by reducing the number of positions needed and by achieving the best fit for each position through a remote SOC.

SHRM predicts that virtual hiring is here to stay even once the world fully opens back up. After all, it can speed up the hiring process. With video interviews, SecOps teams can more quickly fill positions. This also allows you to set up interviews for the candidate with the team member best able to assess technical skills. Now, it doesn’t matter if that person is across the country or globe. Organizations should also continue to focus on improving diversity, especially in terms of hiring more women. By redesigning the recruiting process long-term to include video interviews, you can improve efficiency and hiring decisions.

Training and Skills Gaps for the Remote SOC

To help combat the new challenges of a remote workforce, many organizations are moving to a zero trust approach. Zero trust systems rely on the expertise of external experts and artificial intelligence. This reduces the amount of specific knowledge each team member needs. In addition to improving security, zero trust can reduce the skills gap, which can then lower the number of open positions.

In terms of traditional training, many formerly in-person trainings have moved online due to the pandemic. Remote trainings are likely to continue after the pandemic is over. Simulations, which can be performed with an entirely remote SOC team, are one of the best ways to train. With these, teams can battle the exact strategies and tools that threat actors use.

Talking and Working Together

While remote connections and teamwork are not a challenge unique to remote SOC jobs, the stakes are higher on a SecOps team. Confusion can mean an attack that costs millions instead of a missed project deadline. Because a lot of communication hinges on interpersonal relationships, your team should focus on building culture and relationships. There is no substitute for getting to know someone in person. So, even remote SOC teams should aim to have in-person gatherings at the office at set intervals.

The key to creating long-term solutions for collaboration for your team is to select a platform that allows synchronous communication and centralization of all project materials. Some teams also create a custom workspace based on their specific needs. By having everything in a single place instead of a mishmash of emails and calls, you can improve communication. Your remote SOC team likely has some version of this already. However, you likely need to expand the use and functionality for long-term remote work.

Ethics

Every day, your SecOps team makes decisions with ethical implications. Even more, your team must use ethics in all aspects of their work since they have access to sensitive information and networks. Ensuring that your team continues on the right path in terms of ethics while remote is twofold.

First, focus on communication and collaboration. Create the relationships necessary for working together on decisions that often fall in an ethical gray area. Otherwise, your team might develop conflict, because they can’t see other people’s perspectives well without the foundation of a relationship. Second, remember your remote team has more chances to make poor choices in terms of ethics. By building accountability, checkpoints and visibility into your processes, you can ensure that your team is following the code of ethics you’ve established.

By proactively designing processes and a culture that work with a remote or hybrid SecOps team, you can continue to hire and retain top-quality employees. Companies that expect employees to return to the same schedules and full time at the office without flexibility are likely to lose talent to competitors. With a strategic approach, you can provide flexibility for your SOC analysts and effectively secure your organization at the same time.
