There are more than 460,000 open cyber-related jobs in the U.S, according to Cyberseek.org, and the onus to attract the talent to fill these positions is primarily on CISOs and SOC team managers. They are responsible for finding not only the talent with the right cybersecurity skillsets, but also the talent with the skillsets that will be most beneficial to their SOC team. Compounding the problem is that cybersecurity skills require both hard and soft skills, and a scarcity in any skillset can seriously impact team performance and cyber resilience, and worse, an organization’s security posture
Soft skills, for example, are critical to a SOC’s ability to communicate effectively. The ability to communicate effectively ensures that team members understand their role during a live incident, know how to collaborate with other team members, are able to impart forensic evidence to other team players, and can even identify when another teammate is feeling distressed.
At a minimum, cybersecurity professionals must possess the following five soft skills:
1. Collaboration – Cyber resilience, quick incident response rates, and strong cybersecurity postures don’t happen in a vacuum. SOC team members need to integrate into the team structure and work closely and effectively with other team members. They need to be able to share threat intelligence information to ensure that the entire team is acting as a cohesive unit during a threat.
2. Critical Thinking – Critical thinking, the ability to examine facts, analyze them, and form conclusions, is at the heart of SOC analysts’ job, particularly when they must investigate multiple layers of an attack.
3. Communication and Active Listening – Communicating with other team members and management is a regular activity on a SOC team. So is listening and following directions. Competency in communication is especially essential during security incidents when actions taken must be accurately reported, data must be interpreted and conveyed, and decisions about the tools and procedures to use must be made.
4. Work Under Pressure – It’s no secret that cybersecurity professionals work under intense, stressful conditions. The ability to remain calm under pressure, communicate under pressure, and make decisions under pressure in real time with reliable accuracy are vital skills for SOC team members.
5. Problem-Solving – In cybersecurity, where the SOC team is constantly facing an evolving threat landscape and new attack scenarios, analysts need to be able to troubleshoot. They need to be able to use logic and follow an established methodology to interpret and respond to new problems.
Obstacles to Assessing SOC Soft Skills
Given their importance to SOC success, the need to build a SOC team with team members possessing advanced soft skills is urgent and transparent. Yet, judging traits like creativity, adaptability, and leadership can be tricky. Assessments for soft skills during the interview process are rarely useful because the assessment practices in place tend to be ineffective or inaccurate; coding tests, presentations, and other traditional testing methodologies do not work for cybersecurity. According to the 2020 Cyberbit SOC Skills Survey Report, 70% of assessments in cybersecurity are done via conversation only. Nonetheless, insight about a candidate’s soft skills is crucial knowledge for building an elite SOC team.
How to Do Assessments the Right Way
The only effective way to achieve this insight is to evaluate candidates by observing their performance as a member of a SOC team. By observing them in action, SOC managers can determine whether a candidate has the requisite soft skills to become a successful member of their SOC team. Observing and tracking important soft skills helps you identify candidates that remain calm under pressure, communicate effectively, help coordinate investigations and response etc. – it helps you identify the candidates that can benefit and strengthen your SOC team.
Using Cyberbit to Accurately Assess SOC Candidates
The Cyberbit cyber skills platform provides exactly that capability by placing SOC team candidates in a hyper realistic environment with modules that test for both technical and soft skills, allowing you to observe and evaluate their skills in action, thus deepening your insight and understanding of your candidate’s soft skills and helping you to make a more informed decision about candidate viability.
In addition, automated assessments track and grade the candidate allowing you to measure a candidate’s ability to communicate, maintain calm under pressure and respond in stressful situations. Progress tracking allows you to understand how candidates (or new team members or team members in new roles) will affect your team dynamic. Furthermore, you can use the Cyberbit debriefing platform to see whether the candidate took the right steps for detection and investigation, communicated as needed, and was able to respond swiftly.
Assuring SOC Success
Relying solely on analysts’ technical skills and certifications to build your SOC team will leave your organization vulnerable. On the other hand, building a SOC team with both technical skills and soft skills will ensure that your team can respond quickly and decisively when an attack occurs in the real world. SOC managers and CISOS need to look beyond the technical skills required for cybersecurity and build a SOC team comprised of analysts that possess a diversity of knowledge, experience, and skills – both technical and soft skills.