Human Dimensions of Cybersecurity Operations: Survey Insights from SOC Professionals in Malaysia

Authors

  • Mohd Haffezal Md Yahaya, Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia.
  • Najwa Hayaati Mohd Alwi, CyberSecurity and Systems Research Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia.

DOI:

https://doi.org/10.33102/dznmde05

Keywords:

Security Operations Center (SOC); Human-Centric, Cybersecurity; Mean Time to Detect (MTTD); Mean Time to Respond (MTTR).

Abstract

Security Operations Centres (SOCs) form the operational core of cyber defence strategies across the world. They are tasked with ensuring continuous monitoring, triage, detection, and response to ever-evolving threats. However, conventional performance metrics used to evaluate SOC efficacy—such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and false positive rates—primarily assess system throughput while overlooking the psychosocial realities of the human analysts who underpin these metrics. This paper presents the findings of a quantitative workforce study conducted among 175 Malaysian SOC professionals across internal, hybrid, and managed security service provider (MSSP) environments. Using a Likert-based adaptation of the NIOSH Worker Well-Being Questionnaire (WellBQ), the study investigates stress, burnout, alert fatigue, task autonomy, psychological safety, tooling efficacy, and career development perceptions. Findings reveal that 73.1% of respondents experience emotional tiredness at least “Sometimes,” while 78.9% agree that more automation would improve their well-being. Notably, 68.0% reported having opportunities to grow and develop their careers within their SOC environments. These insights highlight the need for a paradigm shift in SOC performance measurement—one that integrates human-centric indicators alongside traditional technical KPIs. The paper concludes with empirically grounded recommendations for embedding well-being frameworks into operational security management to ensure sustainable, high-performing cybersecurity teams.  

Published

2026-03-14

How to Cite

Human Dimensions of Cybersecurity Operations: Survey Insights from SOC Professionals in Malaysia. (2026). Malaysian Journal of Science Health & Technology, 11(3), 86-94. https://doi.org/10.33102/dznmde05
