Cybersecurity Burnout - SOC Analyst Survey Findings

Listen to learn about recent SOC analyst survey findings conducted by Tines (with information about cybersecurity burnout).

SecurityMetrics Podcast | 53

"I feel like many data security professionals feel like they're doing the right thing and making a difference, but there was a huge amount that said they were burning out. 65% of cybersecurity workers said they plan on leaving their jobs in the next 12 months."

Thomas Kinsella (COO and Co-Founder - Tines) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss the recent SOC analyst survey findings conducted by Tines (with information about cybersecurity burnout).

Resources:

Listen to "The Future of Security Operations" Podcast by Thomas Kinsella - https://open.spotify.com/show/2ViUFqBCqTAe0EPdnY3KPw

Download our Guide to PCI Compliance! - https://www.securitymetrics.com/lp/pci/pci-guide

Download our Guide to HIPAA Compliance! - https://www.securitymetrics.com/lp/hipaa/hipaa-guide

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Transcript of Cybersecurity Burnout - SOC Analyst Survey Findings

Hello, and welcome back to the SecurityMetrics podcast. I'm Jen Stone. I'm one of the principal security analysts here at SecurityMetrics. And today, I'm very excited to have with me Thomas Kinsella. Thomas is the cofounder and COO of security automation company Tines. Prior to starting at Tines, Thomas ran the security operations team at DocuSign, growing it from two to thirty people responsible for incident response, threat intelligence, security infrastructure, fraud, and more. He also worked in technical investigations in eBay and PayPal and in professional services.


At Tines, Thomas is primarily responsible for the pre and post sales engineering function. He has a degree in management science and information system studies from Trinity College in Dublin. So, obviously, we have some very technical things. We're gonna try and keep it so that our whole audience understands, but we might go a little deep dive. I'm not sure. Thomas, really happy to have you with us today. But with your security operations background, I think we're gonna learn a lot from you.


I've been looking forward to it for a long time. Thank you very much. It's great to be on, Jen.


Can you tell me a little bit more about Tines before we get started?


Yeah. Sure. So Tines is a security automation company. So we're a very easy to use no code platform that allows analysts and engineers, people that work in security, to automate their repetitive manual processes. So things like responding to antivirus alerts or phishing emails, SIEM alerts, suspicious logins, all those sort of things, the processes that take a lot of time that I'm sure we'll be talking about during the podcast. We've got a very easy to use platform that people can, yeah, get started on and automate their own processes.


And it sounds like your background in security at some of these other organizations probably positioned you for a deeper understanding that makes this meaningful work for you?


Yeah. Very much so. I spent a long time working in security operations, working in SOCs, and, yeah, learning how to do things and sometimes how not to do things as well. And it was really there that we felt some of the pain that a lot of people feel.


So, you know, too much work, not enough staff, that sense of inevitability around incidents. And we said one of the answers, not the only answer, but one of the answers is probably in security automation. So we looked at a lot of different platforms. We didn't really like them, and we said we thought we could do a better job.


And now, yeah, Tines is four years old. We've got, like, loads of very, very happy customers, from small, you know, startups all the way up to incredible security companies and fortune fives with hundreds of thousands of employees, using the platform to automate a load of different tasks. So it's, yes.


It's been a good ride.


The, your support for the SOCs, of course, as a lot of people know, is the security operation center. And the security operation center as a security analyst, the team from the SOC is a lot of the group that I will talk to about their security that underpins compliance that I tend to review. And so, really enjoy talking to people in that space because I find a lot of interesting things happen from the security operations standpoint that give insight into what's really going on, in terms of network traffic, in terms of, you know, how people are interacting with an organization.


Yeah. It's very interesting. The people that are on the front line, they have such incredible visibility into what happens. And because of their jobs, they're kind of forced to, like, when an alert goes off, investigate it with very little information almost.


So as a result, they pick up a lot of intelligence and a lot of understanding about what's actually happening. They don't know all the time what's supposed to be happening. So if you're talking to them, they can be, especially in compliance, a bastion of truth even if that's not always in the interest of the company that you're talking to.


That they can reveal a lot, but they also know those processes. They're very familiar with, like, how things are done because that's their job. So they're, yeah, they don't always have a lot of qualifications, but they're extremely smart, and they've got a really tough job.


Right. And do you know, I like that you said that, the idea that there aren't always a lot of qualifications for security operations professional. Because a lot of times people ask me, how do you get into cybersecurity? What's a pathway in? What is an entry level job? Do I need a degree? Do I need certifications?


But the security operations set of the SOC analyst is really a place where you can have little background, little training, and be put in a position where you can learn those things on the fly and really develop knowledge quickly because of that position?


Yeah. You can learn a lot. And you can come into it from a bunch of different roles. Right?


So you can come in straight out of college. You can come in from, like, an IT role, for example, or even a compliance role where you're exposed and you say, actually, this is really interesting. I wanna be more on the operational side of the house. But we do see a lot of people come in from, yeah, from IT where they develop a little bit of a curiosity around, hey, what's actually happening in the security world? And if you know much about the cybersecurity world right now, it's really, really hard to hire good people. There's a lot of turnover. And as a result, if somebody that's, you know, that's smart and has a bit of tenacity about them is working in IT and says they wanna work in the SOC, the security team will usually say, absolutely. Come aboard, and welcome them with open arms. So it's a nice route in. And if you find the right organization and they treat you well, it can be a really rewarding job as well.


Definitely. That comment about high turnover. There's a lot of reasons for high turnover, but I think that Tines really went the extra step to find out what's going on in the SOC world, how do people feel, and why. This is what really spurred some interest in talking to you was the survey that you put out.


So, end of twenty twenty one, Tines surveyed security analysts working at companies with more than five hundred companies. I found the results not just interesting, but actionable. And so I wanted to have you come on and talk about it. Let's start with the basics.


When you said you interviewed security analysts, what did that really mean? What do these people do?


Yeah. So these are people that are working in security operations or in a SOC. So, specifically, people that are responding to alerts, are responsible for building out detections on their team. So, they're usually responsible for, yeah, responding to those same alerts, responding to those antivirus or those EDR alerts, and following that process of investigation to a resolution. So they can be tier one, tier two, tier three, tier four, things that you'll hear about if you're in a SOC. But, really, they're just the people that are on the front line that are building out and responding to those alerts.


And did you have any insight into what level of threat investigator, the level of SOC analyst responded to your survey?


Yeah. So it was, like, pretty all over. So we had fifty percent were level three. I think thirty percent were level two, twenty percent level one. Or there was a few others in there that didn't quite follow that model. So some were very, very senior, or, like, see they're not always very senior, but some were quite senior, had, like, several years of experience, and some were relatively junior. But they also came from all different levels of the organization as well and all different, like, all different organizations.


Alright. And so a lot of the organizations that we work with at SecurityMetrics, they don't have their own SOC. Some of them do have their own SOC. Some of them don't have, some of them, you know, as they're trying to grow and expand that they look at, you know, should we have our own SOC? SecurityMetrics actually offers a third party SOC. Like, so there's different ways for a SOC to work with customers. Right?


Yeah. Absolutely. And I think that's why I said it's, like, it's not just a SOC. It's like anybody that works in security operations or those people responding to alerts. So you don't have to have your own SOC. It could be that you work on the incident response team or you're the only person on or a junior person on the security team that is responsible for responding to those alerts.


So, yeah, they were the people that we surveyed. But, yeah, there's a lot of different ways of interfacing. A lot of people have, as you say, like, those managed service providers or those outsourced SOCs. And then some people decide, yeah. Actually, this is a core competency, and we need to take it a little bit more seriously, or we've got custom detections or an environment that's a little less standard. And as a result, they'll build an in-house SOC, or they'll build a security team internally responsible for building out those alerts, building out that infrastructure, building out those detections.


So as a security analyst, the work that they do, is it typically just responding to alerts, or what kind of work do they, how do they spend their time?


Yeah. I think they'd love to spend more time not just responding to alerts. In reality, I suppose responding to alerts and then, like, writing up the results. So writing up the reports and things like that is where they spend a lot of their time.


So creating tickets, triaging, you know, copying and pasting your IPs into your threat intelligence tool to see is it good or bad, looking up a hash to see or maybe analyzing some malware to see is it bad. But I think the way they should, if you're hiring, like, very, like, qualified security professionals. And as they learn more, they've got a ton to add. The things they'd love to be doing is developing new detections.


Right? Integrating new log sources, researching, like, techniques and procedures and tactics, updating documentation, investigating better threat intelligence, all that sort of stuff, is the stuff that a SOC is usually responsible for. Again, depending on the level and depending on the team.


But in reality, they spend a lot of their time, a lot of tools these days, a lot of security tools generate a lot of alerts, and they can spend a lot of their time frustrated dealing with too many noisy alerts that are causing them problems.


Right. That's actually, I hear that as well. Even as, you know, looking into compliance, one of the things that we look at is, you know, how do you respond to alerts? And typically, that's where we hear a lot of pain, is that they know that there's ways that they could bring more value to the organization from a security standpoint, but they're spending all their time doing stuff that they don't feel is really taking them there.


Yeah. It's really hard. It's really hard and very frustrating. I worked in an environment like that.


And it's not that you don't have, like, you're not being given resources. It's that the better you get at detecting, the more you have to respond to. If you buy a new tool, all of a sudden, that new tool is gonna be generating alerts, so you can quickly become overwhelmed. And even if you're on top of things, right, there can just be an incident, or maybe it's a new vulnerability like Log4j or something.


And now all of a sudden, it's all hands on deck and, oh, wait. You already had your hands full, so now it's nearly impossible to stay on top. And, of course, what you really want to be doing is you really wanna be improving, like, yeah, adding actual value to your security program, improving the risk posture of your organization, plugging holes, building better detections, like, preventing things from happening. But because you're overwhelmed, it's very hard to focus on that.


So before we dig into the results of the survey, I wanted to ask, do you feel like the people who responded, do you feel like they were reflective of the industry at large, like the types of demographics? Did you capture a good section?


Yeah. We did. They were, so there were five hundred respondents. They were very broadly reflective of the industry. I think there were fifty five percent male, forty five percent female or so, which is probably a little bit over indexed on female, unfortunately, even in that.


I think forty five percent of the people that responded were in technology, ten percent manufacturing, eight percent finance, which is, again, about right in the industry. And then in terms of company size, I think we had about fifty percent that were in companies below a thousand, thirty percent between one thousand and five thousand, and twenty percent above five thousand. So it was very reflective of the industry, especially industry with security teams. Right? So we're not trying to capture, unfortunately, those teams that don't have anybody working in security operations. But, yeah, it was, broadly speaking, reflective of the overall security industry.


Okay. So a lot of the survey was like, how are people feeling? And I know I personally have colleagues who have worked as security analysts and left the industry because it was exhausting, and they felt that it wasn't the kind of work that they wanted to do. Did your survey reflect that feeling?


Yeah. And the reason, I think the reason we set out to, exactly that. The reason we set out to do the survey was because that was what we felt like. That we felt that we were hearing both anecdotally and seeing among our network that a lot of people were leaving and a lot of people were unhappy and a lot of people were burnt out and that a lot of people were planning on leaving their jobs.


That's why we started it to see, like, is this actually true? And is there anything that we can do? And we'll talk about that in a few minutes. But, yeah, you're right.


It really did reflect that people were unhappy. I don't want that to be the only code flow. So there were some really interesting takes. So one is that, like, sixty nine percent of people were actually happy, or sorry, satisfied in their jobs.


Okay. Sixty percent, yeah, sorry. Sixty eight percent were engaged. Sixty nine percent feel respected. So there's actually a lot of positivity.


I think security professionals, they do feel like they're doing a good job. They're motivated. They're doing the right thing, and they're saying, actually, you know, I'm on, there's a lot of, I suppose, positivity in the security world that, you know, you're making a difference.


But there was just a huge amount that said exactly that, that said they were burning out. So forty eight percent, almost fifty percent said they were very burnt out, and another twenty three percent said they were somewhat burned out. And then even worse than that was what you were saying. So sixty five percent of people, respondents said they planned on leaving their job in the next twelve months because of that burnout, because they were exhausted, because they just couldn't stay on top.


That's a huge figure. And it's not gonna be that people are going to leave. It's just that they intend to leave. They're gonna be looking, that they want to move on.


Yeah.


And that's very worrying for an industry that's already struggling.


Oh, yeah. That's a terrible one.


Able to, yeah. We're not able to keep people happy and to, yeah, to treat them right, I suppose. So it kinda behooves us, like, security leaders and people that are in positions of authority when we're hiring and more importantly when we're, yeah, looking to retain those staff. It behooves us to take action.


And I think that knowing why people are frustrated and burned out is going to help resolve the frustration and burnout. Right? Because if you don't know what's causing it, how do you address those root causes? So what do you think causes the frustration and burnout?


I think, so some of the results were unsurprising. The first one, eighty one percent of teams said they, or respondents said they thought their team was understaffed. So that's, like, the first thing.


Two thirds of analysts are doing way too much manual work and say that computers could do fifty percent of their jobs. But I think the other part about it is that kinda as you pointed out, when you're responding all the time, defense is really hard and it's really demotivating when you're just responding and you're not able to get on an attack. It's like if you're, you know, if the team that you're supporting is just, you know, on defense all the time. It's like it doesn't feel very good.


Even if you're not letting in any goals, even if you're not getting breached, and plenty of people are getting breached. But even if you're not getting breached, it's not motivating because you don't feel like you're getting better. It just feels like that the inevitable is going to happen. Right.


So I think there's a lot of frustration with that. There was a lot of other things, like too many false positives, too many consoles to look up, too many tools, inaccurate and incomplete data. But the big thing, yeah, just, they're understaffed, and they're dealing with too many alerts.


Yeah. I can see that jibes directly with what I see in just talking with people in the field who are currently doing the security analyst job, hands on. In addition to that, you know, understaffing and just fighting, it feels like a Sisyphean effort.


You know, just pushing that. Exactly that.


That's crazy.


Boulder up the hill.


Right?


So I'm gonna take my time.


Were there other things in the survey that could help retain talent?


Yeah. So I think you have to read between the lines a little bit, but, yeah, absolutely. The two things, there were three things that stood out. The first was that we're doing a good job in security of measuring things like mean time to detect, mean time to respond, mean time to investigate, but we're not really doing enough to measure how our team are doing.


So I think it's really important if you want to retain your staff. And there's a lot of CISOs and a lot of directors and a lot of security teams that are doing a good job at this, but there's not enough that are saying, hey. How many times are our team being called on weekends? How many times, like, how many times have the team been woken up?


How many times, like, who's taking their holidays? And I think if we start measuring that, tracking that, forcing people to do that, you'll get a team that, like, have more focus on their mental health, really, really important, but also that are a little bit more satisfied that actually they're being looked after.


The second thing that was brought up a lot was that security operations, when you're on the defense, is just not that enjoyable all the time, that you kinda have to, but it's not to say that it's, like, it can't be fun. It's that when you're doing the same manual tedious, and the word manual came a lot, manual tedious task over and over again, that's not fun. So I'm talking about, like, creating the same ticket for the same user five times. Yeah.


Things like, yeah, copying an IP address and pasting it into your threat intel tool and seeing is it bad. But if we, like, remove that job, allowing people to have more fun, like, actually investigate the incident, go a little bit deeper to understand the TTPs, try to find out what brand of malware this is, see if they can find out more information or attribution about the phishing attack, that's really positive. And the third thing that came up was around automation. A little bit unsurprisingly, I think, that if you focus on automation, you're able to remove a lot of that manual tedious work. Mhmm. And allow people to move on to more impactful risk reduction efforts.


Right. It's the constant copy paste or the constant doing things that you've done sixteen times over that can be really wearing on a person.


I'm just demoralizing that. You're like, this is not, like, I didn't go to university or I didn't train or I just don't wanna be spending my time doing this. I'm a human being who wants to add value, and I wanna learn. You're not learning when you're doing that. But if you enable people to, like, feel less burnt out to take their holidays, if you enable them to make the process a little bit more fun, own it themselves, and if you remove that just tedious task that can be automated, I think that's a recipe for happier teams, teams that will stay for longer, work harder, and it just generally is the right thing to do for your staff.


Right. So tedious manual work, I hundred percent agree, is the issue because I felt that myself when I was in operations, and I see it still constantly with the people that I work with. So I can, you know, definitely, sing from that same choir sheet.


This episode is brought to you by SecurityMetrics Shopping Cart Monitor Inspect. It's a revolutionary new product that can help you detect any problems with your shopping cart security, allowing you to effectively improve your ecommerce security. Here's what I know about it. A lot of times people say, well, hey.


I am PCI compliant because I passed my SAQ A. Great. You're missing most of the things that people are actually stealing information from right now. Shopping cart monitor was created to actually close those gaps and help you against things like Magecart and other known ecommerce issues.


To learn more about this shopping cart monitor, head to our website securitymetrics.com.


I know that I told you you shouldn't do a sales pitch thing, and I'm gonna tell everybody, this is literally what your company does. This is literally why I asked you here. And so I want you to talk about automation, not just generally, but also what you do, understanding that this is how Tines does it. And I apologize to the people who find this uncomfortable.


But there are lots of people who wanna know where do I go to get this kind of a solution to help me out with it because not everybody knows how to write their own scripts. Not everybody knows how to automate things on their own. Most people don't, as a matter of fact. And that's where you come in.


Absolutely. Yeah. And thanks, a, for giving me the opportunity, but b, yeah, for prefacing it. So I'm very much a soft seller.


My marketing team don't like that. But at the same time, I think, look. I'll say there's a lot of tools out there. A lot of them do a really good job.


So if you wanna check out Tines, check out Tines, but there's also plenty of other tools out there that can do similar things. And, yeah, I think the point about it is that if you look at a no code automation tool like Tines, what you can do is you can find those manual processes of, like, responding to an alert. So copying and pasting an IP address and looking it up in your threat intel tool, finding all the related data and adding it to a ticket. Maybe it's analyzing a phishing email, so it's tracking the URLs, analyzing them in a sandbox or something like that.


Or even if it's just, like, investigating a suspicious login by contacting a user, all those manual steps that you would take if you were doing that process by hand or if it's an analyst, they're very simple to automate.


With Tines, we make it very, very simple. We've got a, like, very quick, easy to use interface that basically, like, anybody that knows the process is able to automate it. You don't have to be a developer. You don't have to be a coder.


And, also, it's, yeah, it's very, very reasonably priced. It's free for the first three use cases as well if you just go to tines.com. But I think the point is that there's a lot of people, as you say, they feel that there's a barrier, that they don't really know where to go. But in reality, there's a lot of opportunity out there to take so much work off your plate and allow your analysts and engineers, even if you have a very small team, to focus on those much more impactful efforts and keep their team, keep their company safe, and keep themselves sane.


Right. And I think there's so much value in retaining good skilled, knowledgeable people. You want people who are interested in keeping you secure and who are invested in that because they've been there for a lot of years. So finding ways to take away the tediousness and really maximize the fun, interesting problem solving part of it, I think, is going to more than repay that.


It's also a lot of fun, though. As in when you're actually automating those tasks and you're saying, wow. That process took me, like, you know, an hour. I was doing that twenty times a day, and now it's just happening automatically, and it's happening when I'm asleep.


That's very satisfying when you see that happen. So but, yeah, as you say, it keeps your staff happier. It makes them, yeah, it makes them stickier. And I think for those of us that view security as a little bit of a vocation, it allows you to, you know, be a little bit more content in your job.


Actually, I'm, you know, I'm able to take that time off. I don't have to be checking my phone to be like, with that sword of Damocles hanging over your head.


That's amazing because that typically is part of the job. Knowing the phone is going to ring, knowing you're gonna get woken up in the middle of the night, knowing that you have to deal with, like you said, making six more tickets for the same person.


And, like, in many ways, your phone is still gonna ring. It's just that the process that it takes for your phone to ring, all of those steps are gonna have to have happened already, and you should be, in many cases, already able to say, actually, that's a false positive, so we don't have to ring Jen. She can continue sleeping.


So that's excellent.


So, I think that your survey went the extra mile by talking about skills analysts need to be successful. So I'd like to hear a little bit about them.


What are your top three?


Yeah. Now these are the skills that they say they need to be successful, which is not always the skills that the CSO will say they need to be successful. Okay. But at the same time, it did really highlight a few.


Unsurprisingly, I think, as you said, a lot of people, they're a little bit afraid of automation. They're afraid of, they feel they don't have that skill to be able to, like, reverse engineer malware, build out those detections. And scripting is something that almost everybody that responded to, actually, I'd like to get a little bit more comfortable with.


There's a lot of engineers and analysts that know how to do that, but it was something that a lot of people want to improve.


But I'll bet you that that scripting need is because they wanted to automate things. It's because they wanted to offload some of the manual tools.


Because they're like, I wanna be able to get rid of this. I want to be able to move faster. I wanna be able to do my job in a much more effective way was the reason behind it. The other things that they said, they wanted to understand a little bit more.


So they wanted a deeper understanding of computer forensic techniques. So if something bad happens, to be able to investigate exactly what happened. And then really interestingly, because I don't think this is, this was not intuitive to me at all. But a lot of people said they wanted to understand how to operationalize a framework.


So, specifically, MITRE came up quite a bit. What's interesting about that to me is that it suggests that a lot of the team or a lot of the respondents were thinking a lot bigger, that they're not, I don't wanna just build the detection for the sake of building a detection, that I want to have a little bit more structure and comprehensiveness to my program so that if we get, all of it or if we're trying to improve that we know just how far along we are and that it's not just, you know, building something for the sake of building it. So I really like that as a skill that they themselves called out as something that they really want to focus on.


They really want to learn.


And they think they're saying, I think some of the best, most skilled, most valuable security analysts that I have dealt with are people who have that broad systems thinking, who know that if this moves in this way, it's going to affect these six other things. And so, operationalizing a framework, that actually doesn't surprise me now thinking of it. But at first, yeah.


Yeah. I I I guess it it does make a ton of sense. It's just a well, if you'd asked me what I thought the results were gonna be, I don't think I would've, I don't think I would've said that, which means I'm probably not giving giving security analysts and engineers enough credit, to be honest with us. Yeah. There are some Yeah.


There are some great ones out there, but you have so much deep knowledge, and have been in security operations for so long. I'm gonna throw some some surprise question at you, which is, what do you think makes a good security analyst?


I think there's a whole load of things.


For me, there's when I'm looking, I look for people that have a little bit of tenacity.


So that that, like, inch and I'm not really sure how. I'm not really sure why, but they feel the need to go that little bit deeper. And they feel the need to ask that question. I don't actually understand that.


Tell me why that's the case, or something looks wrong here. And in many ways, I look for the spidey sense, but you should never be building a program based on your spidey senses tingling. But what you should be looking for when you're hiring somebody is someone that says, I want to learn more, and I want to, like, pull up that string and keep on pulling until I understand it. And if you're looking to hire somebody, someone that wants to learn, someone that wants to consume as much knowledge as possible, but that notices actually, something doesn't look right here is, if you can find people with that skill, you're gonna be able to train them to work hard.


The one thing that I'll say is that when I've been in a SOC, there's been a whole load of people with a lot of different skills.


If I'm hiring as well, the other skill that I really look for is somebody that I can stand being beside at, like, midnight. And if you've got people that are friendly and that you enjoy working with, that's gonna be the most important.


Like, it's, yeah. I'm very wary of saying, like, culture fits because culture fit just leads you to hiring the same sort of people as you, and that will lead to a lot of bias. But at the same time, finding people that you wanna work with, and that you enjoy working with is, when you're deep in a security incident, it matters a lot that you trust the people beside you.


Sure. There are people who are willing to be positive, willing to be happy, interested in building relationships, and there are people who are not.


And the people who don't care about how other people around them are functioning, those are definitely harder to solve the deep problems with. I also liked what you said about the spidey sense. You don't always wanna trust it. But sometimes I find that those are people who recognize patterns, that they see a pattern. They know something is out of that pattern. They're just not sure why. And then when you add what you just said about the tenacity going deeper, I think humility too.


Yeah. Absolutely. Humility is, and, like, knowing that, like, actually, I don't know. With security, like, you learn very quickly that you don't know a lot and, like, that in many ways, like, an incident responder's job is coming up to speed on a lot of systems very, very quickly that, you know, it's fair enough when it's a very basic alert and you've got your process. But once an actual incident happens, you're diving into, you know, an environment that stores credit cards. You're like, what are these logs? Tell me as much information as you can about these logs in ten minutes because I need to be able to make a decision as to whether to keep this device online or not.


And, yeah, that tenacity, that, like, the capability of asking those questions is really, really important.


Right. So any final thoughts before we close today?


I don't think so. I think, like, I've really enjoyed this conversation. I think, yeah, if somebody wants to check out the survey, Tines dot com slash soc. It's not behind the paywall or anything like that.


Yeah. And, yeah, we've got another survey that's coming out about mental health pretty soon. This is mental health awareness month right now. So that's super important as well.


Yeah. Tines dot com slash soc. Check it out if you want it.


Oh, don't you also have a podcast?


I do indeed. Yep. So if you wanna get in touch with me, Thomas Kinsella on LinkedIn, Thomas Kasek on Twitter, and then, yeah, if you wanna listen to the Future of Security Operations podcast, I've got a bunch of episodes, that's on all the major podcast platforms. But, yeah, the Future of Security Operations podcast interview a lot of security operations leaders and how they deal with some of the challenges around, yeah, analyst burnout, but also tips, tricks, and learning from their mistakes, and actionable best practices.


So definitely check that out.


For another good podcast to listen to in the security space, so I will definitely be one of your listeners. Thank you again for joining me, and I hope that I get to talk to you again in the near future.


Thank you, Jen. It's been a pleasure.


Thanks for watching. To watch more episodes of Security Metrics podcast, click on the box on the left. If you prefer to listen to this podcast, it's available on all your favorite podcast platforms. See you on the slopes.
