Shawn Valle, Chief Information Security
Officer at Rapid7, agreed, stating: “Software
developers build based on APIs and then
build UI on top of APIs, which is worthy of
exploration in SecOps teams. That strategy of
building automation from the beginning, we
believe, makes analysts stronger and better
versus using fewer people.”
The report highlights the potential of
automation in the SOC but warns against
overusing it, as it can make an
organisation’s actions easier to predict and
therefore more vulnerable to threat actors.
“Automation itself is a form of vulnerability,”
said Sam Curry, Chief Security Officer at
Cybereason. “You have to check your blind
spot at pseudo-random intervals to see
who’s hiding there because the machine will
become predictable and therefore exploitable.
So, the mission is not to automate for the
sake of it but to make the humans more
effective, improving the value of their output
without weakening the whole.”
The CR Think Tank agreed that business
and security need to be in lockstep to be
proactive whenever possible and avoid the
security chase.
Processes and efficiency – seating plans as the key to success?
Finally, the report highlights the importance
of physical proximity when dealing with
tech teams.
Seating location within an office can make a
big difference – many companies opt to put
their tech and security teams next to each
other to foster creativity, agility and better
communication. For example, seating SOC
teams next to the product team can improve
efficiencies in terms of how they iterate and
build new tools.
However, for employees who work remotely,
communicating with internal teams
frequently to ensure alignment on priorities
and objectives is key. No matter what
an organisation’s SOC setup is, the most
important factor is relationships. SOC teams,
whether internal or external, need to be
invested in the organisation’s mission and
its core targets. With talented individuals in
short supply, training, upskilling and using
technology for efficiency gains are key to
transforming your SOC team.
www.intelligentcio.com
INTELLIGENTCIO