The Overnight Shift Obligation – 10 Things I Hate About Cybersecurity: A Love Story

Cyber threats are real

Subscribe newsletter

Hi! I am Nick Gipson, the Director of Cyber Operations here at Pareto Cyber. This is Part 9 of my 10-Part series on “10 Things I Hate About Cybersecurity: A Love Story” where I dissect the problems within this industry and my personal encounters with them. You can find the other parts of this series here.

The Issue

Back in the day, every company wanted their cybersecurity analysts physically in the same country as themselves.

You’d get entire offices of security specialists sitting in dedicated brick-and-mortar buildings, ready to tend to any alerts that might pop up. And since most large companies require 24/7 threat detection and response, many of these analysts had to work night shifts. That way, the clients always had cybersecurity support available.

Now, though, when I hear about anyone in the industry working night shifts, I wonder why in the world they would choose to do that.

Thanks to the rise of SaaS, most security operations run in the cloud. We no longer have to sit in stuffy offices under fluorescent lights at any time of day. Like many others in tech, cybersecurity specialists can easily work remotely. Thankfully, most companies recognize that.

So, why are we still making remote analysts work night shifts?

Why It Matters

This tendency to force analysts to work from within the U.S. doesn’t really make sense.

If you’re already operating remotely, why does it even matter where your team members are based? The only situation for which that distinction matters is for government projects, which have to worry about security clearances and national interests. For private companies… it’s silly.

Working a night shift is unnatural. Our bodies were not made for it. When an analyst works overnight, they burn out. And when people burn out, they can’t perform at full capacity. That’s how mistakes happen.

In cybersecurity, mistakes can be very costly.

What Can We Do?

The alternative to this rigid insistence on overnight shifts is quite simple.

Hire people from time zones that match the gap between U.S. working hours. This way, clients still get 24/7 security support. But no analyst has to sacrifice their health and wellbeing to push through the night. 

I can already hear some of you arguing that hiring internationally could never work. I’ve heard those excuses before:

  • There’s a language barrier to deal with.
  • Analysts in other countries aren’t as skilled as domestic ones.
  • The legal and cultural challenges are too hard to navigate.

Guess what: none of those objections are true.

North America isn’t the only place with fantastic security specialists. Other countries also have good IT educations. Many international analysts are not only skilled, but also speak fluent English. 

As for HR and logistical challenges… don’t you think delivering a superior customer experience while keeping your workforce happy is worth it?

At Pareto Cyber, we operate in an analyst-centric way. If our analysts are happy, then they can focus on the client. When they can go that extra mile, then our clients are happy, too. This model is reciprocal, allowing us to provide the best service we can. After all, we are here to protect our clients.

Lastly, burnt out employees can never detect or respond to threats as quickly and effectively as well-rested ones.