The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Warner Brothers and Home Depot – shared their perspectives on how to run an effective SOC in 2023.
1) Prioritize Cost Efficiency While Remaining 'Secure'
As a world-renowned speaker, a co-author of an Amazon Best Seller, and a trusted commentator on prominent news networks such as NBC, CBS, and Fox, Troy Wilkinson, knows a thing or two about cybersecurity. When adopting new technologies, Troy reinforces that CISOs don't have the luxury of waiting months or years to see the value of new investments; "Time to Value is critical. New solutions need to deliver value quickly."
Rob Geurtsen, former Deputy CISO at Nike, joined Hunters as CISO-in-residence last year. Rob believes that during times of economic uncertainty, CISOs should optimize the Security Operations Center (SOC) by making strategic investments that yield long-term benefits. It's essential to evaluate top projects and focus on the 'must-haves.' CISOs should ask themselves what needs to be accomplished in the current year and what can be deferred to the following year.
Both Troy and Rob recommend aligning security initiatives with cost-saving measures and demonstrating the long-term benefits to organizational leaders.
2) Use Automation to Improve SOC Efficiency
Tammy Moskites and Rob Geurtsen both agree that automation is consistently highlighted as a priority for CISOs. Automation tools make the role of SOC Analysts more productive by streamlining threat detection and response. Both Tammy and Rob emphasize that the vast amount of data produced and retained by organizations requires efficient tools for analysis. Automation helps address the skills gap in cybersecurity. CISOs that invest in automation can hire fewer analysts and allow them to focus on high-priority tasks – reducing the volume of manual triage work. This view is shared by Troy Wilkinson who confidently states, "automation is where teams create efficiency." Automation plays a pivotal role in enhancing SOC efficiency, reducing alert fatigue, and maximizing the utilization of resources.
3) Set Clear KPIs: Focus on What Matters
Key metrics for security operations have evolved beyond just measuring how many threats were identified and contained. The increased regulatory framework that aims for more transparency around breaches forces companies not only to contain threats, but also to do it quickly, efficiently, and with full disclosure. Tammy Moskites believes that CISOs are increasingly being measured on how quickly their teams can detect and contain threats. There's also more emphasis on using learnings from previous threats to develop playbooks for future incidents.
4) Prepare and Communicate a Robust Business Continuity Plan
CISOs must have a well-defined Business Continuity and Disaster Recovery (BCDR) plan, along with updated playbooks. Security teams are proactive in the face of evolving threats and that having trained personnel for real-time events is essential for a mature SecOps team. Briefing the c-suite on the plans in place for disaster scenarios is advised to ensure that all departments are aligned on actions that need to be taken during and after a serious incident.
While there are some differences in emphasis and details, there are clear patterns across these cybersecurity experts' insights. They all underscore the importance of aligning cybersecurity with business objectives, maximizing efficiency through automation, adapting metrics to reflect threat dynamics, and being proactive in disaster preparedness. These collective insights offer a well-rounded perspective on maintaining an effective Security Operations Center in a constantly evolving landscape.
Hunters is an SIEM alternative that reduces cost & complexity for the SOC. Visit hunters.security to learn more about the benefits of replacing your SIEM with Hunters.