Kashyap Thimmaraju (Technische Universitat Berlin), Duc Anh Hoang (Technische Universitat Berlin), Souradip Nath (Arizona State University), Jaron Mink (Arizona State University), Gail-Joon Ahn (Arizona State University)
The sustainability of Security Operations Centers depends on their people, yet 71% of practitioners report burnout and 24% plan to exit cybersecurity entirely. Flow theory offers a lens for understanding this human factor challenge: when job demands misalign with practitioner capabilities—whether through excessive complexity or insufficient challenge—work becomes overwhelming or tedious rather than engaging. We argue that achieving this balance begins at hiring, the earliest intervention point in a practitioner’s organizational journey. If job descriptions inaccurately portray role requirements, organizations risk recruiting underskilled practitioners who face chronic anxiety or overskilled ones who experience boredom. Both misalignments trigger burnout pathways, yet we lack empirical understanding of what skills and experience levels current SOC job descriptions actually specify, making it impossible to assess whether stated requirements set practitioners up for flow or frustration.
We address this gap by analyzing SOC job descriptions to establish the baseline of what challenge-skill profiles organizations claim to require. We collected and analyzed 106 public SOC job postings from November to December 2024 across 35 organizations in 11 countries, covering a range of SOC roles: Analysts, Incident Responders, Threat Hunters, and SOC Managers. Using Inductive Content Analysis, we coded certifications, technical skills, soft skills, tasks, and experience requirements (see Table I for an overview). Our preliminary analysis revealed three key patterns: (1) Communication skills dominate requirements (50.9% of 106 postings), substantially exceeding technical specifications like SIEM tools (18.9% of 106) or programming (30.2% of 106) suggesting that organizations prioritize communication and collaboration over purely technical capabilities. (2) Certification expectations are varied: CISSP leads (22% of 106), but 43 distinct credentials appear with no universal standard, creating uncertainty for practitioners about which certifications merit investment. (3) Technical requirements show clear patterns: Python dominates programming (27% of 106), Splunk leads SIEM platforms (14% of 106), and ISO 27001 (13% of 106) and NIST (10% of 106) are the most cited standards, indicating an emerging consensus on core technical competencies that can guide both hiring decisions and training priorities.
This work represents the first stage of a research agenda to prevent burnout through sustained alignment of challenge-skill. The findings from this study establish an empirical baseline for what organizations claim to need, enabling validation studies that compare the stated requirements with actual practice.