TRENDING
workforces through training academies or job
rotations. “The primary driver for us are skills,”
said Claus Tepper, Head of Cybersecurity
Operations at Absa Group. “And I think South
Africa is, as everywhere else, fundamentally
challenged to getting the right people on
board.” To solve that, Absa jumpstarted
an academy to develop and train talent,
recognising that it takes years for a team to
become fully SOC-efficient.
In the report, all Think Tank members
highlighted the importance of ensuring SOC
analysts and engineers are tuned into the
company’s cybersecurity strategy, business
processes and overall business. Malcolm
Harkins, Chief Security and Trust Officer
at Cymatic, believes team structures can
help with upskilling: “I believe structure
drives behaviour,” Harkins said. “We’ve had
creative ways of getting people out of their
day jobs, such as job rotations between
teams and factory tours for security and
management at just the cost of time and
travel because when people understand the
criticality and unique needs of a function,
they’re usually impressed.”
In-house versus outsourced – relationships matter
Depending on business needs, third-party
providers, as in other areas of the business,
can be extremely valuable or, conversely,
can hinder progress.
When an outsourced relationship becomes
a cybersecurity partnership, an external SOC
team can be a key partner in addressing
issues and shaping the organisation’s
long-term security needs. However, a lack of
physical presence in the office
can cause miscommunication
or trust issues, which are
detrimental to the business.
CR Think Tank members
highlight that, no matter whether
the SOC team is internal or
external, the onus is on the
CISO to showcase the SOC
team’s value. As that team
function is not often seen as
a core competency, building
relationships with the senior
executive leadership team will
ensure CISOs have what they
need for success.
Technology and automation – avoid the security chase
Automation has the potential to transform
the life of a SOC analyst, notably by
increasing productivity and decreasing Mean
Time to Resolution (MTTR). The experts
recommend building automation into every
project to make it part of the organisation’s
structure. When it is thought about early on,
automation becomes a natural part of every
process. Shawn Valle, Chief Information
Security Officer at Rapid7, agreed, stating:
“Software developers build based on APIs and
then build UI on top of APIs, which is worthy
of exploration in SecOps teams. That strategy
of building automation from the beginning,
we believe, makes analysts stronger and
better versus using fewer people.”
The report highlights the potential of
automation in the SOC but warns
against overusing it, as it can make an
organisation’s actions easier to predict and
therefore more vulnerable to threat actors.
“Automation itself is a form of vulnerability,”
said Sam Curry, Chief Security Officer at
Cybereason. “You have to check your blind
spot at pseudo-random intervals to see
who’s hiding there because the machine will
become predictable and therefore exploitable.
So, the mission is not to automate for the
sake of it but to make the humans more
effective, improving the value of their output
without weakening the whole.”
The CR Think Tank agreed that business
and security need to be in lockstep to be
proactive whenever possible and avoid the
security chase.
Processes and efficiency – seating plans as the key to success?
Finally, the report highlights the importance
of physical proximity when dealing with
tech teams.
Seating location within an office can make a
big difference – many companies opt to put
their tech and security teams next to each
other to foster creativity, agility and better
communication. For example, seating SOC
teams next to the product team can improve
efficiencies in terms of how they iterate and
build new tools. However, for employees who
work remotely, communicating with internal
teams frequently to ensure alignment on
priorities and objectives is key.
No matter what an organisation’s SOC setup
is, the most important factor is relationships.
SOC teams, whether internal or external,
need to be invested in the organisation’s
mission and its core targets. With talented
individuals in short supply, training, upskilling
and using technology for efficiency gains are
key to transforming your SOC team.
20 INTELLIGENTCIO www.intelligentcio.com