In this Spotlight Podcast, sponsored by Arctic Wolf Networks: sessions at this month’s Black Hat Briefings on PTSD and substance abuse among security workers are proof that the high pressure, high stakes world of information security can take its toll. So what does it take to find, train and nurture information security pros? Sam McLane, the Chief Technology Services Officer at the firm Arctic Wolf Networks joins us to talk about how his company holds on to top security talent.
It wasn’t so long ago that The Black Hat Briefings in Las Vegas were all about the hacks, the lulz and the 0days. But, slowly, that has changed. As cyber security has matured from a niche of the technology industry to a full fledged, multi billion dollar industry, more and more attention is being paid to the challenges facing the industry itself: from worker shortages to racial and gender imbalances to the stress of front line cyber security jobs.
That was the case at this year’s Black Hat Briefings and the DEF CON conference, where talks on problems such as PTSD and substance abuse among security practitioners were part of the agenda. But with talent scarce, but burnout commonplace, what is the best way to identify, train and cultivate security talent? What are the problems that front line cyber security professionals working in secure operations centers being asked to handle? And How do modern day SOCs manage threats across both traditional IT environments and newer cloud-based deployments?
To find out, we sat down on the sidelines of the recent Black Hat Briefings to chat with Sam McLane, the Chief Technology Services Officer at the firm Arctic Wolf Networks, which offers SOC as a Services.
In this conversation, Sam and I discuss what it takes to develop top notch cyber talent, why the information security profession is so prone to burn out, and how employers can cultivate a work life balance in what is a high stress career.
Sam said it can take 5 to 6 years of on the job experience to develop a top-notch security analyst – maybe more if employees are stuck in narrowly defined roles or don’t have the opportunity to broaden their skillset.
“I think the training is getting better but it truly is what you’re exposed to,” McLane said.
And, while it might be tempting to let your security pros work 60 hour weeks and burn the midnight oil, McLane said, that might not be the best approach in the long run. If top talent burn out and leave the industry, companies are often left with “really smart people who have no practical experience.” The result, McLane said is that “we’ll have to relive history.”