LDR 551_Book 5

Question 1

What is the title of the paper by Sundaramurthy, Sathya Chandran, et al.?

Answer 1

A Human Capital Model for Mitigating Security Analyst Burnout

Question 2

What method did researchers use to study SOC analyst burnout?

Answer 2

Anthropological study

Question 3

What is the main conclusion of the study on SOC burnout?

Answer 3

Burnout is a human capital management problem

Question 4

What did the researchers identify as connecting factors affecting analyst morale?

Answer 4

Multiple vicious cycles

Question 5

What is the core model developed by the researchers called?

Answer 5

Human capital model for mitigating security analyst burnout

Question 6

What are the four factors in the SOC human capital model?

Answer 6

Growth, Skills, Empowerment, Creativity

Question 7

What happens if one factor in the SOC human capital model trends negatively?

Answer 7

Leads to a vicious cycle

Question 8

What is the key driver of growth in the SOC human capital model?

Answer 8

Variety in job tasks

Question 9

What should be used to eliminate mundane work in SOCs?

Answer 9

Automation

Question 10

How are skills defined in the SOC human capital model?

Answer 10

Development and continuous improvement of analysts’ skill-set

Question 11

What can cause analysts to look externally for new opportunities?

Answer 11

Skills no longer growing

Question 12

Sources of WSO Training

Answer 12

On-the-job experiences, peer-directed, formal training

Question 13

Purpose of on-the-job training

Answer 13

Honing skills through daily experiences

Question 14

Examples of on-the-job training

Answer 14

Tabletop exercises, Purple Team exercises, penetration testing, Red Teaming

Question 15

Key driver of analyst empowerment

Answer 15

Trust in SOC skills

Question 16

Definition of empowerment

Answer 16

Analysts can do their job efficiently

Question 17

Common problems in empowerment

Answer 17

New teams, politics, past mistakes

Question 18

Recommended action for empowerment

Answer 18

Slowly build trust with peer-reviewed process

Question 19

Definition of creativity

Answer 19

Ability to handle novel operational scenarios

Question 20

Key driver of creativity

Answer 20

Empowerment to solve challenges uniquely

Question 21

Common problems in creativity

Answer 21

Over-prescribed procedures, lack of time

Question 22

Recommended action for creativity

Answer 22

Free time for improvements, encourage learning

Question 23

Purpose of reflection in SOC

Answer 23

Review procedures to find bottlenecks

Question 24

Purpose of automation in SOC

Answer 24

Eliminate repetitive tasks, improve efficiency

Question 25

Tools for operational efficiency

Answer 25

SOAR, EDR, SIEM, scripts

Question 26

What is the goal of finding repetitive tasks?

Answer 26

To automate tasks using scripts, SIEM, EDR, or SOAR.

Question 27

How does automation affect analysts’ morale and creativity?

Answer 27

Improves morale and provides a creative outlet.

Question 28

What happens when analysts develop new automated tasks?

Answer 28

Their job becomes easier.

Question 29

What is the bi-directional connection noted by researchers?

Answer 29

Operational efficiency and job satisfaction.

Question 30

How does human capital affect operational efficiency?

Answer 30

Skilled analysts make operations efficient.

Question 31

How does automation impact operations?

Answer 31

Accelerates operations, especially repetitive tasks.

Question 32

What influence does operational efficiency have on analysts?

Answer 32

Creates a positive influence.

Question 33

Why are metrics crucial for SOC?

Answer 33

Communicate SOC’s value and ROI to management.

Question 34

What can happen if bad metrics are used?

Answer 34

Can create falsely low perception.

Question 35

How does improved operational efficiency affect metrics?

Answer 35

Improves consistency and shortens response times.

Question 36

What happens when SOC perception improves?

Answer 36

Budget stays flowing or increases.

Question 37

What is the most important feedback loop for SOC?

Answer 37

Management support fed by SOC metrics.

Question 38

What was hard to define according to researchers?

Answer 38

Good, representative, operational metrics.

Question 39

When are analysts more receptive to feedback?

Answer 39

When they believe in the metrics.

Question 40

What should metrics show besides incident data?

Answer 40

Meaningful effort by the SOC.

Question 41

What is the negative effect of bad metrics?

Answer 41

Masks problems and leads to negative consequences.

Question 42

What can result from analysts being overburdened?

Answer 42

Burnout due to overwork.

Question 43

What is a focus area for new analysts to prevent burnout?

Answer 43

Growth and skills development.

Question 44

What should be the biggest focus areas for new analysts?

Answer 44

Growth and skills

Question 45

What happens if new analysts max out their capabilities quickly?

Answer 45

They won’t stay long

Question 46

How should new analysts’ learning be paced?

Answer 46

As fast as they can handle

Question 47

When should new tasks be added for new analysts?

Answer 47

As soon as they master current tasks

Question 48

What indicates it’s time to push new analysts toward new tasks?

Answer 48

When they look bored or “cherry pick” alerts

Question 49

What types of training should be provided to new analysts?

Answer 49

On-the-job, peer-led, and formal training

Question 50

What is the goal of the training for new analysts?

Answer 50

To reach tier 2 level quickly

Question 51

What should never happen to experienced analysts?

Answer 51

Finding the “ceiling” of learning

Question 52

What should be provided if no one is left to train experienced analysts?

Answer 52

Additional outside training

Question 53

How can creativity help experienced analysts?

Answer 53

By creating new and difficult challenges

Question 54

What should experienced analysts be given to leverage their skills?

Answer 54

Vague descriptions and autonomy

Question 55

What should be done to leverage experienced analysts’ power?

Answer 55

Assign new tools, automation, improvements

Question 56

How should tasks be geared for optimal growth?

Answer 56

Toward the edge of their capabilities

Question 57

What state do tasks at the edge of capabilities induce?

Answer 57

Flow state

Question 58

What is essential for understanding employees’ capabilities?

Answer 58

Regular one-on-one meetings

Question 59

What is “Deep Work”?

Answer 59

Distraction-free concentration pushing cognitive limits

Question 60

What has exponentially increased in corporate communications over the last few decades?

Answer 60

Email communications

Question 61

What has replaced or augmented email in recent years for real-time communication?

Answer 61

Slack, Teams, and other chat platforms

Question 62

What problem do new collaboration tools introduce despite addressing email issues?

Answer 62

Interrupting deep work

Question 63

How often do employees who use Slack check their channels on average?

Answer 63

Once every five minutes

Question 64

What is a significant challenge in a dynamic SOC environment?

Answer 64

Maintaining focus while context-switching

Question 65

What do neuroscientists and psychologists say about our attention?

Answer 65

It is fundamentally single-tasked

Question 66

What must be given to minimize burnout and keep people in their “flow channel”?

Answer 66

Time and space for deep work

Question 67

What is the goal in promoting deep work?

Answer 67

Reduce or eliminate shallow work

Question 68

What percentage of time did a SOC team spend on shallow work in a recent consulting engagement?

Answer 68

About 70%

Question 69

What should SOC tools and processes promote?

Answer 69

Deep work by leaving room for focus

Question 70

What model is useful for understanding human behavior in performance management?

Answer 70

Thomas Gilbert’s Behavior Engineering Model (BEM)

Question 71

What should managers consider when an employee is not meeting expectations?

Answer 71

Both environment and individual motivations

Question 72

What are the three external factors in the BEM?

Answer 72

Data, Resources, Incentives

Question 73

What are the three internal factors in the BEM?

Answer 73

Knowledge, Capacity, Motives

Question 74

What is crucial for staff retention and burnout mitigation?

Answer 74

Optimize for growth, skills, empowerment, and creativity

Question 75

What is beneficial for both the organization and team mental health?

Answer 75

Good organizational practices

Question 76

What can prevent people who enjoy their work from having a bad experience?

Answer 76

Effective techniques

Question 77

What can help save good talent if employees aren’t interested in their job?

Answer 77

Job rotations to other groups

Question 78

What can minimize factors that influence burnout?

Answer 78

Commitment

Question 79

What is culture according to Ben Horowitz?

Answer 79

How your team makes decisions when you’re not there

Question 80

What should you do to build the SOC culture you want?

Answer 80

Know yourself and your limitations

Question 81

What should you provide to encourage desired behaviors and decisions?

Answer 81

Constructive feedback

Question 82

What is the first step in building a better team culture?

Answer 82

Define and communicate your values

Question 83

What should you gather to ensure your culture is moving in the right direction?

Answer 83

Metrics like turnover and retention rates

Question 84

What can higher-than-usual turnover indicate?

Answer 84

You may have a culture problem.

Question 85

What should you be open to from your team to build trust?

Answer 85

Criticism and feedback.

Question 86

What should you examine in the context of team values?

Answer 86

Your own mistakes.

Question 87

What is building a positive culture described as?

Answer 87

An iterative process.

Question 88

What is culture compared to in its cyclical nature?

Answer 88

Human capital.

Question 89

What are signs you have a culture problem?

Answer 89

High turnover, failing priorities, shocking actions.

Question 90

Who are the possible culture-breaking personality types?

Answer 90

The Heretic, The Flake, The Jerk, The Prophet of Rage.

Question 91

What might indicate a culture problem despite good processes and people?

Answer 91

Team not operating at a high level.

Question 92

What are signs your team may be off track?

Answer 92

High turnover, low satisfaction, shocking actions.

Question 93

What should you do if a team member surprises you with bad behavior?

Answer 93

Investigate whether it’s an aberration or pattern.

Question 94

What might you need to do with disruptive team members?

Answer 94

Identify and take action.

Question 95

What are common failures in building a positive team culture?

Answer 95

Not correcting behaviors, negative incentives, poor communication.

Question 96

What is a manager’s job in terms of team expectations?

Answer 96

Manage expectations and highlight risks.

Question 97

What is “management debt”?

Answer 97

Convenient solutions causing long-term issues.

Question 98

What is management debt?

Answer 98

Incurring too much management debt can result in management bankruptcy.

Question 99

Name common forms of management debt.

Answer 99

Two in the box, matching offers, lacking performance management, disliked tasks.

Question 100

What is the risk of promoting two co-leads?

Answer 100

Confusion about roles and responsibilities.

Question 101

What happens when an analyst gets a higher offer elsewhere?

Answer 101

Morale dips and retention problems increase.

Question 102

Why should matching offers be a temporary solution?

Answer 102

It is not a long-term retention strategy.

Question 103

Why might teams lack formal performance management processes?

Answer 103

To avoid becoming “too corporate.”

Question 104

What is the consequence of no performance management?

Answer 104

Performance suffers, and issues are unidentified.

Question 105

Why is constructive feedback necessary?

Answer 105

To maintain performance, even in high-performing teams.

Question 106

What is a common issue with keeping people on tasks they dislike?

Answer 106

They may leave, taking key knowledge with them.

Question 107

What is essential for building a positive SOC culture?

Answer 107

Constant attention, iteration, and communication

Question 108

Who can be your best allies in building SOC culture?

Answer 108

Human resources, benefits managers, finance team

Question 109

What should you do with culture-breaking behaviors?

Answer 109

Address them quickly and decisively

Question 110

What must you have to resolve management debt?

Answer 110

A plan to resolve it at the first opportunity

Question 111

What is essential to show SOC ROI and justify budget?

Answer 111

Getting SOC metrics right

Question 112

What famous quote by Peter Drucker is mentioned about metrics?

Answer 112

You cannot manage what you cannot measure

Question 113

Why are SOC metrics challenging yet crucial?

Answer 113

They show ROI, justify budget, and validate operations

Question 114

What is the goal of the metrics module?

Answer 114

To derive useful metrics tied to SOC objectives

Question 115

What is the OKR system and who invented it?

Answer 115

Objectives and Key Results, invented by Andrew Grove

Question 116

What book discusses separating “important” from “urgent”?

Answer 116

The 4 Disciplines of Execution

Question 117

What is the purpose of the book “Measure What Matters”?

Answer 117

To lay out the OKR system.

Question 118

What does the book “The 4 Disciplines of Execution” focus on?

Answer 118

Setting priorities and ensuring follow-through.

Question 119

What are the two main activities of a SOC?

Answer 119

Ops and improvements.

Question 120

What is the purpose of metrics in a SOC?

Answer 120

To measure a business process.

Question 121

What is a metric?

Answer 121

A tool used to measure something.

Question 122

What is a KPI?

Answer 122

A tool to track key area performance.

Question 123

What additional component does a KPI have compared to a metric?

Answer 123

Target/Threshold Value.

Question 124

What is the goal of a KPI?

Answer 124

To maintain the status quo.

Question 125

What is the difference between a metric and a KPI?

Answer 125

KPIs include target values.

Question 126

What do car dashboard gauges represent?

Answer 126

Calculations of some metric with current value

Question 127

What additional feature do dashboard gauges usually include?

Answer 127

Bounds of “normal”

Question 128

Why are oil temperature and pressure gauges considered KPIs?

Answer 128

Show if temperature/pressure is too high/low

Question 129

What do metrics with bounds and thresholds indicate?

Answer 129

Ongoing processes needing action if exceeded

Question 130

What is an example of an objective in OKRs?

Answer 130

Minimize successful phishing

Question 131

What defines key results in OKRs?

Answer 131

Specific, measurable progress indicators

Question 132

What is an example of a key result for minimizing phishing?

Answer 132

Fewer than five phishing infections per week

Question 133

What components are required for a key result?

Answer 133

Metric, current value, target value, start value

Question 134

How are key results different from KPIs?

Answer 134

Temporary for new initiatives, not daily measures

Question 135

What is the purpose of KPIs?

Answer 135

Continual measure of daily operations

Question 136

How can OKRs help when KPIs are out of line?

Answer 136

Develop objectives and key results to fix issues

Question 137

What do daily operations KPIs measure?

Answer 137

Business as usual processes

Question 138

What do OKRs measure in SOC goals?

Answer 138

Improvements and initiatives

Question 139

What question do KPIs answer?

Answer 139

Are we operating as expected?

Question 140

What is the role of OKRs according to Perdoo?

Answer 140

Define and measure initiatives for key results

Question 141

What is the source of the SOC-centric chart modification?

Answer 141

Perdoo’s blog post on OKRs and KPIs

Question 142

What are the first two steps in the SOC process overview?

Answer 142

Collect Goals, Clarify Meaning

Question 143

What is the purpose of metrics in security cases?

Answer 143

Drive decisions or demonstrate value

Question 144

What should metrics for a managed service SOC reflect?

Answer 144

Alerts handled, incidents reported, customer interactions closed

Question 145

What should metrics for a national or HQ-level SOC focus on?

Answer 145

Campaign analysis, intelligence from subordinate SOCs

Question 146

What does a problem well-stated represent?

Answer 146

A problem half solved

Question 147

What is a key aspect of successful metrics?

Answer 147

Top-down derived metrics for goal alignment

Question 148

What system is mentioned for goal alignment in metrics?

Answer 148

Goal Question Metric (GQM)

Question 149

What technique helps guarantee the usefulness of a metric?

Answer 149

Tie the collection to a “why”

Question 150

What is the Goal Question Metric (GQM) system?

Answer 150

System for deriving metrics from goals

Question 151

What are the three steps in the GQM system?

Answer 151

Decide goals, questions, and needed data

Question 152

What makes a metric useful according to GQM?

Answer 152

It answers a question about meeting objectives

Question 153

What is the first step in bringing metric information to an organization?

Answer 153

Categorizing the data you have or want

Question 154

What should you do if you want to improve your current metrics?

Answer 154

Start with collecting additional metrics

Question 155

What are the four criteria for a good metric according to Andrew Jaquith?

Answer 155

Consistently measured, cheap, cardinal, unit-based

Question 156

What is a bad metric according to Andrew Jaquith?

Answer 156

Metrics relying on human judgment without strict guidelines

Question 157

Why is the frequency of metrics production important?

Answer 157

Minimize delay between measurement and reaction

Question 158

What is the OODA loop?

Answer 158

Observe, Orient, Decide, Act

Question 159

How should you match your metrics sample rate?

Answer 159

To the rate of what you’re measuring

Question 160

What happens without frequent measurements?

Answer 160

Signs of being off track may go unnoticed

Question 161

How should good metrics be gathered?

Answer 161

Effortlessly, automated, short timescale

Question 162

What is the goal of quick-moving metrics?

Answer 162

Minimize delay between measurement and reaction

Question 163

What is an example of a poor sampling rate?

Answer 163

Checking for spam email waves once a day

Question 164

How should KPIs be documented?

Answer 164

With measure, target/threshold, source, frequency

Question 165

What should the frequency of sampling be compared to?

Answer 165

Rate of the event occurring

Question 166

What should you document in an organized database?

Answer 166

KPIs and metrics

Question 167

What fields should you track for metrics?

Answer 167

Measure, Target/Threshold, Source, Frequency

Question 168

What question should you ask when identifying KPIs?

Answer 168

What does “operating as normal” mean?

Question 169

What are examples of “as normal” targets?

Answer 169

Customer requirements, SOC goals, history

Question 170

What do daily operational measures provide?

Answer 170

Context by limits and thresholds

Question 171

What should you consider for daily operational measures?

Answer 171

Define “business as usual” or “operating as normal”

Question 172

What might define “normal” for SOC?

Answer 172

Telemetry, alert queue, incidents, work backlog

Question 173

Where might the definition of “normal” come from?

Answer 173

Externally defined or historical data

Question 174

What is important for MSSPs regarding “operating as normal”?

Answer 174

Hitting SLAs or key promises

Question 175

What is a hard goal for internal SOC measures?

Answer 175

99.9% of active assets reporting security data

Question 176

What should you do if a numeric goal is hard to define?

Answer 176

Look for anomalies based on history

Question 177

What makes a metric a candidate for a KPI?

Answer 177

Key area of operation needing monitoring

Question 178

What should be done with key data on a dashboard?

Answer 178

Ensure they stay within correct parameters

Question 179

What do operational metrics and KPIs represent?

Answer 179

Key data available on a near-constant basis

Question 180

What should you consider when choosing SOC metrics?

Answer 180

Each stage of the SOC process

Question 181

What defines “normal” for collection and triage?

Answer 181

Potential metrics and KPIs

Question 182

What are we looking for in metrics and KPIs?

Answer 182

Goal-aligned, clear, convenient measures

Question 183

What should metrics help the team do?

Answer 183

Monitor for issues or answer questions

Question 184

How should improvement goals be written?

Answer 184

Objectives with specific and quantifiable key results

Question 185

What should objectives and key results clarify?

Answer 185

End state, actions, success measurement

Question 186

What is the purpose of Key Results in OKRs?

Answer 186

Measure if objectives are successfully met

Question 187

What should happen to phishing-based incidents as a Key Result example?

Answer 187

Drop to below five per week

Question 188

Why is breaking down projects important?

Answer 188

Clarifies how initiatives tie to objectives

Question 189

What should you do if key results aren’t materializing?

Answer 189

Replace or re-evaluate the initiative

Question 190

What is the purpose of monitoring KPIs?

Answer 190

Detect anomalies and “out of normal” events

Question 191

What should you do if an initiative doesn’t move the key results?

Answer 191

Try a new approach or identify why

Question 192

What is the next challenge after defining OKRs and KPIs?

Answer 192

Tackle both operational tasks and improvements

Question 193

Why are people drawn to operational tasks?

Answer 193

Seen as the most immediate and important need

Question 194

What is the risk of focusing only on day-to-day tasks?

Answer 194

Potentially at the cost of long-term improvement

Question 195

What is the purpose of the 4 Disciplines of Execution (4DX)?

Answer 195

Drive continuous improvement and avoid daily firefighting

Question 196

What is the first principle of 4DX?

Answer 196

Focus on the Wildly Important Goal (WIG)

Question 197

What is a WIG according to 4DX?

Answer 197

Most important objective needing special attention

Question 198

How do you define a WIG?

Answer 198

Identify starting line, finish line, and deadline

Question 199

What does SOC stand for?

Answer 199

Security Operations Center

Question 200

What is the Eisenhower Matrix used for?

Answer 200

Ranking tasks by urgency and importance

Question 201

What should you prioritize according to the Eisenhower Matrix?

Answer 201

Non-urgent and important tasks

Question 202

What is the key insight from this section?

Answer 202

Delaying urgent, unimportant tasks for important ones

Question 203

What is the focusing question from “The ONE Thing”?

Answer 203

What’s the ONE Thing you can do to make everything else easier or unnecessary?

Question 204

What is the theory of constraints?

Answer 204

Methodology to improve system performance by addressing bottlenecks

Question 205

How do you identify a bottleneck in a system?

Answer 205

Look for the step with the lowest bandwidth where items pile up

Question 206

What is the only way to improve a system according to the theory of constraints?

Answer 206

Increase throughput at the bottleneck

Question 207

Where should you take measurements in a process?

Answer 207

At every useful stage of the process

Question 208

What are lead measures?

Answer 208

Metrics that track activities driving a goal

Question 209

What are lag measures?

Answer 209

Metrics that track the success of a goal

Question 210

What is a lag measure?

Answer 210

A metric measuring past events

Question 211

Why aren’t lag measures often the best metrics?

Answer 211

They lack predictive power

Question 212

What is a lead measure?

Answer 212

Metrics measuring process inputs

Question 213

Why do lead measures have predictive power?

Answer 213

They measure process inputs determining outputs

Question 214

What matters most in achieving goals according to 4DX?

Answer 214

Controlling lead measures

Question 215

What is an example of a lag measure in weight loss?

Answer 215

Weight on the scale

Question 216

Why doesn’t tracking weight help achieve weight loss?

Answer 216

It only shows past results

Question 217

What are examples of lead measures in weight loss?

Answer 217

Diet and exercise

Question 218

What happens when inputs are controlled?

Answer 218

Outputs must follow

Question 219

What is the third principle in 4DX?

Answer 219

Keeping a compelling scoreboard

Question 220

What is a compelling scoreboard in 4DX?

Answer 220

A player-centric progress view

Question 221

Why is a scoreboard important in 4DX?

Answer 221

Creates engagement and focus

Question 222

What is the fourth principle in 4DX?

Answer 222

Creating a cadence of accountability

Question 223

What are the three questions in a commitments report?

Answer 223

Did I meet commitments? Did they move the scoreboard? What will I commit to?

Question 224

Why are people more likely to commit to their own ideas?

Answer 224

Autonomy and creativity

Question 225

What drives morale and engagement in 4DX?

Answer 225

Seeing positive impact on WIG

Question 226

What are the two key ideas behind 4DX’s success?

Answer 226

Creating a winnable game, facilitating engagement

Question 227

Why are employees more likely to respect deadlines they set themselves?

Answer 227

They feel more ownership and responsibility.

Question 228

What effect do personal commitments between teammates have?

Answer 228

They feel like personal promises.

Question 229

What does the 4DX system allow teammates to see?

Answer 229

Positive impact of their actions.

Question 230

What is the goal of the 4DX system?

Answer 230

Set team on a course to success.

Question 231

What are metrics?

Answer 231

Measurements with a current value.

Question 232

What are KPIs?

Answer 232

Measurements plus a target/threshold.

Question 233

What are OKRs?

Answer 233

Measurements plus a defined start, end, current value.

Question 234

What does the 4DX process emphasize?

Answer 234

Finding and focusing on WIG.

Question 235

What should you consider when creating good metrics?

Answer 235

Problems you’re trying to solve.

Question 236

What is the goal of metrics for projects?

Answer 236

Define how close you are to completing.

Question 237

What does the OKR system help with?

Answer 237

Separating the goal, actions, and measures.

Question 238

What challenge exists beyond measuring improvement projects?

Answer 238

Validating people take time to work on them.

Question 239

What system helps confirm execution on initiatives?

Answer 239

The 4 Disciplines of Execution (4DX).

Question 240

What does the 4DX system create?

Answer 240

A winnable game.

Question 241

What is reflected in the improvement of daily metrics?

Answer 241

Effectiveness of the SOC and ROI.

Question 242

What is the key concept in information security discussed in the text?

Answer 242

Prioritization.