
Public Shaming in SOCs: A Counterproductive Management Practice
The cybersecurity landscape is demanding, with Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) handling hundreds to thousands of alerts daily. In such high-pressure environments, mistakes are inevitable. However, the management practice of publicly shaming analysts for errors, as reported in a recent Reddit post, raises concerns about workplace culture and its impact on cybersecurity operations.
In the discussed scenario, a SOC team receives 700 to 900 alerts and 100 to 200 escalations daily. The management continues to onboard new clients, increasing the workload. When analysts make mistakes, they are publicly criticized in meetings, with potential consequences mentioned. This practice can lead to a toxic work environment, decreasing morale and increasing turnover rates. High turnover in SOCs can lead to a lack of experienced analysts, ultimately affecting the organization's security posture.
Public shaming is not a standard or recommended practice in SOCs. Instead, a blameless culture is often advocated in cybersecurity. This approach focuses on fixing problems and learning from mistakes rather than blaming individuals. It helps build a resilient team capable of handling the pressures of a SOC environment.
The impact of such management practices on the cybersecurity landscape can be significant. If widespread, it could lead to a shortage of skilled analysts willing to work in such environments. This shortage could affect the overall security posture of organizations relying on these SOCs.
From an expert perspective, it's crucial for management to foster a supportive environment. Mistakes should be discussed privately, and solutions should be found collaboratively. For analysts, documenting mistakes and learning from them is essential. Seeking mentorship or additional training can also help improve skills and resilience.
In conclusion, while SOCs are high-pressure environments, public shaming of analysts is not a constructive practice. It's essential for management to adopt practices that encourage learning and resilience, ultimately leading to a more effective and robust cybersecurity operation.