Managing CSIRT burnout and turnover: a case study, Part 1

* Why fighting burnout is important

Once we've hired a good employee and invested in training and integrating that person into our operations, it's a terrible waste to lose their enthusiasm and even their services through burnout and turnover.

MSIA graduate Timothy Dzierzek wrote an excellent paper in the course I taught on Computer Security Incident Response Team Management last summer, and I’m delighted to present his work (slightly edited) in this and two additional columns based on his case study organization, which is represented pseudonymously as “Smith & Smith.”

By the way, even professors in the MSIA do not normally know their students’ case study names – we are deeply concerned with protecting confidentiality of their sources and explicitly ask them not to reveal details of the organizations they are studying.

* * *

Hiring adequate staff for a Computer Security Incident Response Team (CSIRT) represents a critical challenge for any organization. The CSIRT must have an adequate number of employees to respond to computer security incidents. Author Danny Smith, a member of the Australian Computer Emergency Response Team, states that “the size of a team would have an effect on the overall capability of the team.”

In addition, the CSIRT must employ technicians with necessary skills and experiences. Experts at the CERT Coordination Center state, “[Y]ou need people with a certain set of skills and technical expertise, with abilities that enable them to respond to incidents, perform analysis tasks, and communicate effectively with your constituency and other external contacts.” Meeting these two requirements ensures the CSIRT has adequate staff to perform this valuable function.

Once organizations hire employees for the CSIRT, they must manage their personnel to maintain adequate staffing levels. One area that organizations must focus on is staff turnover. A Help Desk Institute study published in 2000 suggested that 48% of help-desk managers interviewed the previous year considered staff turnover a serious problem.

A specific area that organizations must address is the effect that staff burnout has on the CSIRT’s capabilities. The authors of Handbook for Computer Security Incident Response Teams (CSIRTs) state, “Many CSIRT staff suffer from burnout…, where the constant pressures and stress from daily… incident handling tasks become a burden and intrude into the private life.” Each of these factors has detrimental effects on the CSIRT.

Help desks and CSIRTs face many of the same personnel management issues. Organizations attempting to implement a CSIRT, such as the law firm of Smith & Smith, should analyze how their help-desk group manages its personnel. By learning from the successes or failures of the help-desk group, organizations can implement processes that address a critical area for its CSIRT.

More in the next column.

* * *

Timothy Dzierzek, MSIA, MSTSM, is currently a Senior Network Engineer for ID Analytics, Inc. He worked for his case study organization for seven years in various positions, including help-desk technician and network engineer. Tim has 16 years experience supporting, securing, and maintaining IT systems. He welcomes comments by e-mail

Learn more about this topic


Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022