
In most organizations, these skills will likely be dispersed among a team of people, rather than a single person being expected to be fluent in all of these topics.

Beware Analyst Burnout

Some organizations may have a small enough flow of incoming vulnerability reports that all the CVD-related roles can be fulfilled by a single team, or even a single person. Other organizations might choose to split the technical analysis roles apart from the more human-oriented communication and coordination roles. No matter the arrangements, it is important that vendors and coordinators establishing a CVD capability mitigate the potential for analyst burnout.

Burnout of security analysts is a well-documented phenomenon [1, 2, 3]. Analysts working full-time in a CVD process are at risk of this too. A vendor's CVD capability may receive a large number of incoming reports each week, especially at larger vendors. This can result in CVD staff becoming stressed and having low job satisfaction, leading to lower quality of work and ultimately employee attrition. The costs of lower quality work (e.g., missing an important report), employee turnover (e.g., hiring and training a new analyst), and associated damage to the vendor's reputation suggest that this problem should be addressed ahead of time with reasonable precautions. At the CERT/CC, we have attempted to mitigate this issue with reasonable success by implementing the suggestions below. Research has shown that many of these are effective responses to commonly-held morale problems [3].

  • Staying well-staffed and rotating responsibility. Organizations may choose to have several team members, trained in the CVD process and tools, who can temporarily assist should a regular CVD analyst be unavailable for any reason, even if these additional team members do not typically do CVD day-to-day. Of course, handing off reports between temporary and full-time analysts leads to other operational concerns as previously discussed, so this must be done carefully. Organizations must also take care that these temporary team members are not pulled away from their own work so often that they themselves experience burnout.

...