Building a Security Operations Center from scratch is not an easy thing. But since it's not the first time I'm doing it, I am familiar with the challenges. These challenges include the building of the processes in a company-adjusted manner, the selection of the toolset and integrations to match the company's enterprise architecture, network architecture and of course my own security architecture, but nowadays, and due to the significant skill shortage in cybersecurity the major challenge is finding the right people.
Don't get me wrong, finding the right people has always been a challenge. Maybe the most significant of the people - process - technology triangle. It's just that lately it has become so difficult to find the right candidates in Cybersecurity that this task alone may become a very significant blocker.
Knowing that in advance I was well prepared. I built my use - cases to make sure I can identify the candidates' analytical thinking skills. These use - cases were adjusted for my company and company's technologies (current and potential future) to ensure high compatibility and no surprises to the candidates. And I use my experience to direct the discussion as needed, trying to uncover any hidden issues before making a decision.
After 9 months and more than 60 interviews, I 'm only at 20% of where I want to be in the end, and only 60% of where I had planned to be at this moment. Just to make it clear, the interviews were conducted after the recruiter (internal or external, we use both) have located the candidate and cleared them. Every interview is in total 1,5 hour of my time. Not including the recruiter's time to find the candidate neither the HR manager's time to run their interviews and discuss financials and terms.
Judging based on my involvement alone, this exercise is already at 2 full weeks time. Overall just the candidate choice process will take me a full quarter for the SOC.
Although I do have high(er than many people) standards, I am quite flexible. I interview people with security background, with only IT background, with no IT background at all (remember critical thinking?) and I am willing to invest a lot of time in training, mentoring and developing my team. Maybe this is a reason for the so many interviews, but the level of the people with security background I'm interviewing, is in general very low. This obviously does not apply to my current team members :)
A word of wisdom if I may to my colleagues starting or being on the same journey: Be patient and invest time. Every hour you invest in choosing the right candidate and guaranteeing cultural and skills fit will have a dramatic reflection on the efficiency of your operations later!