decrypting myths
SOC analysts and engineers are tuned
into the company’s cybersecurity
strategy, business processes and
overall business. Malcolm Harkins, Chief
Security and Trust Officer at Cymatic,
believes team structures can help with
upskilling: “I believe structure drives
behaviour,” Harkins said. “We’ve had
creative ways of getting people out of
their day jobs, such as job rotations
between teams and factory tours for
security and management at just the
cost of time and travel because when
people understand the criticality and
unique needs of a function, they’re
usually impressed.”
In-house versus outsourced – relationships matter
Depending on business needs, third-party
providers, as in other areas of the
business, can be extremely valuable or,
conversely, hinder progress.
When an outsourced relationship
becomes a cybersecurity partnership, an
external SOC team can be a key partner
in addressing issues and shaping the
organisation’s long-term security needs.
However, a lack of physical presence in
the office can cause miscommunication
or trust issues, which are detrimental to
the business.
CR Think Tank members highlight that,
whether the SOC team is internal
or external, the onus is on the CISO
to showcase the SOC team’s value. As
that team function is not often seen as a
core competency, building relationships
with the senior executive leadership
team will ensure CISOs have what they
need for success.
Technology and automation – avoid the security chase
Automation has the potential to
transform the life of a SOC analyst by
increasing productivity and decreasing
Mean Time to Resolution (MTTR). The
experts recommend building automation
into every project to make it part of
the organisation’s structure. When it
is thought about early on, automation
becomes a natural part of every
process. Shawn Valle, Chief Information
Security Officer at Rapid7, agreed,
stating: “Software developers build
based on APIs and then build UI on top
of APIs, which is worthy of exploration in
SecOps teams. That strategy of building
automation from the beginning, we
believe, makes analysts stronger and
better versus using fewer people.”
The report highlights the potential
of automation in the SOC but does
warn against the over-use of it as it
can make an organisation’s actions
easier to predict and therefore more
68 Issue 27 | www.intelligentciso.com