John Petropoulos is a security architect with over 16 years of experience working with all types of security operation centers, large and small. Specializing in breach detection and incident response, John has designed content development strategies and integration approaches that support some of the largest security operations in the world.
Here at Respond Software, John is developing probabilistic models based on his experiences that evolved while working with a wide array of products and environments.
Recently, I watched a Facebook Research interview with Dr. Daphne Koller where she described the communication challenges that subject matter experts and data scientists face. She went on to describe how becoming ‘bilingual’ and open-minded can help in overcoming these challenges. As one of the subject matter experts at Respond Software, I can attest that
Security engineers supporting a Security Operations Center (SOC) face the difficult job of providing an appropriate quantity of actionable alerts to SOC analysts. Typically, they are tasked with presenting alerts of interest to the analyst and they accomplish this by managing detection technologies, developing detection content and integrating security context. As they try to maintain the analyst’s console, their duties become overly complicated and riddled with hidden costs.
Recently, I’ve found myself reminiscing about my early experiences as a security operations center (SOC) analyst and how much the industry has changed in the last 15 years. I can’t help but notice that despite all the technology we’ve thrown at the SOC, we really haven’t changed things that much.