Non-Technical Skills That Help SOCs Thrive
There’s much to consider when running a smooth security operations center (SOC) that effectively monitors networks and analyzes and responds to cyber threats. Among the blend of people, processes, and tools that make up a SOC, the human element is perhaps the most important factor behind its effectiveness.
When discussing this human factor, a lot often gets said about technical skills required for distinct SOC roles like security analysts, security engineers, and incident responders. However, to get the right people for your SOC, non-technical skills are just as pivotal. Here’s an overview of some essential non-technical skills that help SOCs thrive.
Non-Technical SOC Skills
A recent SOC performance report found that just 17% of SOC staff agree that their SOC is very effective. Separate research highlights a lack of skills and interpersonal challenges between team members as key inhibitors of a well-functioning SOC. Soft skills complement technical expertise and contribute significantly to your team's ability to respond to threats swiftly and efficiently. Here’s a run-through of some of the main ones to look out for among prospective team members and managers.
Stress Management
It doesn’t matter what the specific role is, working as part of a SOC team is stressful at times. One thing that separates those who thrive and those likely to quit is the ability to manage this inevitable stress. Effective stress management ensures that team members remain calm and focused, which enables them to make rational decisions and perform tasks with precision (as cyber incidents demand).
You can gauge a prospective candidate’s stress management capabilities through competency-based examples in which the candidate faced difficult situations but was able to recover and learn from the experience. Candidates who mention exercise, meditation, time management strategies, or hobbies that help them unwind also demonstrate that they understand the need to manage stress.
Problem-Solving
The complex and dynamic landscape of cybersecurity threats calls for solid problem-solving abilities. Cyber threats constantly evolve, and SOC teams must adapt their strategies to protect the companies they work for.
At the heart of problem-solving is analytical thinking, which allows SOC team members to dissect complex problems into smaller, manageable parts. Problem-solving also demands creativity: thinking outside the box to mitigate threats (e.g., creating scripts that automate the detection of certain threat actor activity). Another important part of this soft skill is making decisions with incomplete information.
Situational Awareness
This skill is all about seeing the bigger picture and understanding how different pieces of information fit together. The need for situational awareness is not limited to any single domain; it’s useful in fields ranging from aviation and military operations to cyber defense.
Three key components comprise this skill:
Recognizing critical elements, events, or information in one’s surroundings
Understanding what perceived elements and events mean in the current situation
Anticipating what might happen next based on the current situation and trends to enable preemptive decisions or actions
Situational awareness helps SOC personnel discern unusual patterns or anomalies from regular network noise, respond more strategically to incidents, and prioritize resources and efforts toward the most critical threats.
Clear Communication
Clear communication involves using concise language, avoiding jargon when talking to non-technical stakeholders, and swiftly relaying important information to the right people. A SOC performance report found that 60% of SOC staff and managers rated communication as average to below average, so there are clearly shortfalls in these soft skills.
Clear communication is not just about conveying information; it also involves listening and responding to feedback. In a SOC, this might mean establishing channels for receiving updates from IT departments about the status of incident resolution, or it could involve listening to senior management concerns. Clear documentation is also important; team members need to clearly document incidents, responses, and post-mortem analyses to preserve valuable insights and records for compliance reasons.
Empathy
It goes without saying that senior SOC members should be strong leaders, but a big part of this leadership is the skill of empathy. SOC leaders and team members should demonstrate empathy by understanding and addressing the concerns and stress levels of their team and other stakeholders, particularly during cyber incidents.
Empathy contributes to a supportive work environment, where team members feel understood and valued. Empathy helps in recognizing signs of burnout or stress among SOC team members, understanding the concerns, priorities, and perspectives of different stakeholders, and managing the concerns and frustrations of users affected by a cyber incident (whether they are customers or employees).
Attention to Detail
Given the sophisticated nature of more advanced cyber threats, a keen eye for detail is essential in SOCs. Missing a small clue or overlooking a minor anomaly could mean the difference between stopping an attack early and dealing with a significant breach. Team members need to scrutinize minute details within vast data sets, system logs, network traffic, and security alerts for accurate threat detection, incident analysis, and quality documentation.
Teamwork/Collaboration
While closely related to communication skills, teamwork and collaboration encompass a broader set of behaviors and attitudes that facilitate working effectively in a group toward common goals. Teamwork and collaboration allow for the pooling of different areas of expertise among SOC personnel, which enables better approaches to threat detection, analysis, and mitigation. Teamwork calls for not only good communication but also a willingness to share knowledge and resources, the ability to compromise, and a commitment to the success of the team over individual achievements.
Simulation exercises that mimic real-world cyber threat scenarios help foster better teamwork and collaboration among SOC team members through shared experiences, clarifying roles and responsibilities, and providing opportunities to debrief and reflect on performance by discussing what worked well and what could be improved.
Honing Technical and Non-Technical Skills in Cyber Ranges
Cloud Range’s cyber range-as-a-service platform provides custom, live-fire cyber ranges with thousands of realistic attack simulations for SOC team members to improve both their technical and non-technical skills such as communication and teamwork, situational awareness, problem-solving, and attention to detail. Customizable environments, in-depth analysis, and actionable reporting further enhance the learning experience.