The role of the CISO continues to take center stage as a business enabler: CISOs must navigate a complex digital threat landscape while driving innovation and ensuring business continuity. Three CISOs, Troy Wilkinson, CISO at IPG; Rob Geurtsen, former deputy CISO at Nike; and Tammy Moskites, founder of CyAlliance and former CISO at companies including Time Warner and Home Depot, shared their insights on how to run an effective SOC in 2023.
1) Prioritize profitability while remaining “secure”
A frequent conference speaker, co-author of an Amazon bestseller, and regular commentator on news networks such as NBC, CBS, and Fox, Troy Wilkinson knows a thing or two about cybersecurity. When adopting new technologies, Troy points out that CISOs do not have the luxury of waiting months or years to see the value of new investments: “The time to value creation is crucial. New solutions must generate value quickly.”
Rob Geurtsen, former deputy CISO at Nike, joined Hunters as CISO in residence last year. Rob believes that in times of economic uncertainty, CISOs should optimize the security operations center (SOC) by making strategic investments that deliver long-term benefits. That means ranking candidate projects and funding the “must-haves” first: CISOs need to ask themselves what has to be accomplished in the current year and what can be carried over to the next.
Both Troy and Rob recommend aligning security initiatives with cost-saving measures and demonstrating their long-term benefits to organizational leaders in business terms.
2) Use automation to improve SOC efficiency
Tammy Moskites and Rob Geurtsen both single out automation as a consistent priority for CISOs. Automation tools make SOC analysts more productive by streamlining threat detection and response, and both Tammy and Rob emphasize that the sheer volume of data organizations produce and retain cannot be analyzed by hand. Automation also helps close the cybersecurity skills gap: CISOs who invest in it can run a smaller analyst team and let those analysts concentrate on high-priority work instead of manual triage. Troy Wilkinson shares this view and states it plainly: “Automation is where teams create efficiency.” The practical caveat is that automated triage only pays off when its decisions are themselves checked, for example by sampling auto-closed alerts, so that efficiency gains do not come at the cost of missed detections. Done well, automation is central to improving SOC efficiency, reducing alert fatigue, and optimizing resource utilization.
3) Set clear KPIs: focus on what matters
Key metrics for security operations have evolved beyond simply counting the threats identified and contained. Tighter breach-disclosure regulation requires companies not only to contain threats, but to do so quickly, effectively and transparently, which puts the clock on detection and containment. Tammy Moskites believes that CISOs are increasingly measured by how quickly their teams detect and contain threats, in practice metrics such as mean time to detect (MTTD) and mean time to contain (MTTC). There is also greater emphasis on turning lessons learned from previous incidents into playbooks for future ones.
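As an added example (not from the article and not Hunters' code), the script below computes detection and containment KPIs from a set of constructed incident records. The field names (`first_malicious_activity`, `detected_at`, `contained_at`) are assumptions. It reports the median and 90th percentile alongside the mean, because a single long-dwell incident drags the mean up and hides how the typical incident is handled, and it lists incidents that are still open rather than silently excluding them from containment time.

```python
"""Detection and containment KPIs over incident records.

Added example, not part of the original article. The incident records
and their field names are constructed for illustration.
"""
import json
import math
from datetime import datetime, timedelta
from statistics import mean, median

# Constructed sample incidents (not real data). contained_at is None for
# an incident that has been detected but not yet contained.
INCIDENTS = [
    {"id": "INC-1", "first_malicious_activity": "2023-03-01T08:00:00",
     "detected_at": "2023-03-01T10:00:00", "contained_at": "2023-03-01T14:00:00"},
    {"id": "INC-2", "first_malicious_activity": "2023-03-05T23:00:00",
     "detected_at": "2023-03-06T09:00:00", "contained_at": "2023-03-06T11:30:00"},
    # A ten-day dwell time: one incident like this dominates the mean.
    {"id": "INC-3", "first_malicious_activity": "2023-03-10T00:00:00",
     "detected_at": "2023-03-20T00:00:00", "contained_at": "2023-03-20T06:00:00"},
    {"id": "INC-4", "first_malicious_activity": "2023-03-25T12:00:00",
     "detected_at": "2023-03-25T12:30:00", "contained_at": None},
]


def _parse(ts):
    """ISO-8601 string to datetime; None stays None (open incident)."""
    return datetime.fromisoformat(ts) if ts else None


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def percentile(values, p):
    """Nearest-rank percentile (rank = ceil(p/100 * N)); values non-empty."""
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]


def _summary(hours):
    return {"mean": mean(hours), "median": median(hours), "p90": percentile(hours, 90)}


def compute_kpis(incidents):
    """Return time-to-detect and time-to-contain summaries in hours.

    Time to detect  = detected_at - first_malicious_activity
    Time to contain = contained_at - detected_at (closed incidents only)
    Open incidents are reported by id so they are not lost from the picture.
    """
    detect, contain, open_ids = [], [], []
    for inc in incidents:
        start = _parse(inc["first_malicious_activity"])
        detected = _parse(inc["detected_at"])
        contained = _parse(inc["contained_at"])
        if detected < start:
            raise ValueError(f"{inc['id']}: detected before activity began")
        detect.append(_hours(detected - start))
        if contained is None:
            open_ids.append(inc["id"])
        else:
            if contained < detected:
                raise ValueError(f"{inc['id']}: contained before detection")
            contain.append(_hours(contained - detected))
    return {
        "time_to_detect": _summary(detect),
        "time_to_contain": _summary(contain) if contain else None,
        "open": open_ids,
    }


if __name__ == "__main__":
    print(json.dumps(compute_kpis(INCIDENTS), indent=2))
```

On the constructed data the mean time to detect is about 63 hours while the median is 6 hours; reporting only the mean would misrepresent the team's usual performance, and reporting only the median would hide the ten-day outlier that a regulator would care about. Report both, plus the open-incident list.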
4) Prepare and communicate a solid business continuity plan
CISOs should have a well-defined business continuity and disaster recovery (BCDR) plan, backed by up-to-date runbooks. A mature SecOps team does not just react to evolving threats; it keeps staff trained and exercised for real-time events before they happen. Leadership should be briefed on the plans in place for disaster scenarios, so that all departments are aligned on the actions to take during and after a serious incident.
While there are differences in emphasis and detail, clear trends emerge from the insights of these three experts. All of them highlight aligning cybersecurity with business objectives, maximizing efficiency through automation, adapting metrics to reflect how threats actually play out, and preparing for disasters before they occur. Together these points give a practical picture of what it takes to keep a security operations center effective in an ever-changing landscape.
Hunters is a SIEM alternative that reduces SOC costs and complexity. Visit hunters.security to learn more about the benefits of replacing your SIEM with Hunters.