Ariel Weintraub Discusses the Coming Revolution in Security Operations: How Data Science and Automation Enables Inclusiveness
The global cybersecurity skills shortage has reached crisis proportions, with more than four million unfilled positions worldwide, according to the International Information System Security Certification Consortium (ISC)2’s most recent Cybersecurity Workforce Study. And the problem is worsening, with surveys indicating that nearly three-quarters of organizations are unable to find the talent they need to keep current employees’ workloads manageable and IT infrastructures secure. In the absence of innovative new ways of filling this talent pipeline, today’s businesses face unacceptable levels of risk.
Ariel Weintraub, Head of Security Operations and Engineering at MassMutual, has taken a new approach to the problem that promises to revolutionize professional development in security operations. Weintraub has over a decade of experience in security operations, identity and access management, threat and vulnerability management and risk remediation. She also has a passion for diversity and inclusiveness in the cybersecurity field, and she’s working hard to transform how security analysts are recruited, trained and mentored at MassMutual’s security operations center (SOC).
This trailblazing approach combines the use of data science and intelligent security automation with a healthy respect for curiosity and analytical skills in prospective hires to create a professional development path for security analysts that’s unique—empowering them to learn and succeed, improving retention rates, and reducing the organization’s risks along the way.
It’s an innovative strategy that not only has the potential to address the cybersecurity skills shortage but also promises to improve SOC efficiency and performance.
Diversity that goes beyond gender, race or class
In addition to her leadership role as Mass Mutual, Weintraub serves on the Board of Advisors of the Executive Women’s Forum on Information Security, Risk Management, and Privacy (EWF). At EWF, she has worked to create programs to encourage more millennials and women—both of which are highly underrepresented in the field—to work in cybersecurity.
“One thing that’s responsible for the talent gap is that we typically recruit people with very limited types of backgrounds for roles in cybersecurity. In order for us to be able to fill millions of open positions, we will have to expand our market,” she says.
Weintraub believes that the traditional focus on job candidates with computer science degrees or formal credentials like the Certified Information Systems Security Professional (CISSP) certification is too narrow. “We discuss diversity and inclusion tactics as a company,” she says. “In addition to focusing on increasing our representation of women, minorities and veterans, it’s just as important to focus on diversity of thought. We hire people with degrees in communications, business, psychology, linguistics and history. As long as they’re naturally curious, good at problem-solving, and have strong analytical thinking skills, we can teach them what they need to know about cybersecurity.”
Smart use of security automation supports creative problem-solving
MassMutual’s Security Operations program’s focus on intellectual diversity contributes to its staff’s ability to engage in creative problem-solving, since the organization endeavors to hire out-of-the-box thinkers. But their jobs have also been refined in ways that enable them to work more creatively. Because MassMutual’s SOC uses intelligent automation wherever possible in the security operations workflow, analysts’ roles require them to perform few repetitious tasks manually.
This means that new hires require less technical proficiency at the outset, but it also frees up time, which Weintraub’s employees are encouraged to invest in professional development. “Because our analysts don’t have to spend time manually triaging the millions of alerts we receive each day, they’re instead able to spend it learning things that will make them more successful in cybersecurity—or in other programs across the organization,” she explains.
Across the whole of the enterprise, MassMutual maintains a strong focus on professional development for all employees. “Every member of our team is supported in furthering their professional training and education,” says Weintraub. “Security analysts are asked to be working on the development of two new professional skills at any given time, and these can be entirely separate from their day-to-day responsibilities. Our use of automated solutions is what gives them the time they need to actually accomplish this.”
MassMutual’s SOC is uniquely positioned within the broader organization as well. Whereas most security analysts follow a career path that takes them from the Tier 1 analyst role to Tier 2 and then Tier 3, MassMutual encourages security analysts to proactively identify other areas within the cybersecurity organization or adjacent programs in the business that they’d be interested in advancing into, and then gain the skills they need to do so. “We specifically use our SOC as a talent pipeline,” says Weintraub. “This prevents us from having the retention issues that are commonly seen in this field.”
Enhanced efficiency means better performance, more rapid response times
For MassMutual, using automated solutions in its security operations program does more than free up analysts’ time for additional professional development or enable them to engage in more creative thinking, however. It also provides truly comprehensive monitoring coverage of all the alerts that sensors across the environment generate daily. MassMutual’s previous approach for this led to an excess of false positive alerts. Now, the SOC’s performance is stronger, and Weintraub has more confidence that malicious activities aren’t being missed.
“We do periodic red team exercises in which we test the SOC’s response to an alert that they don’t know isn’t real,” says Weintraub. “We just did our first one with our new software in place, and there was a significant improvement in response times. Our analysts had less noise to comb through, and they were able to react more quickly as a result.”
All in all, MassMutual’s use of SecOps automation is changing the shape of its security operations program by widening the number of people with different backgrounds who can be a good fit for the security analyst role. And, it’s making the security team more efficient and effective as well.