A Tale of Two CISOs: New Ideas to Solve the SecOps Talent Shortage
Last week I had the opportunity to speak with two CISOs. The first is the CISO of a Fortune 500 company with a 125+ member team, and the other is at a smaller company managing a four-person team.
While the scale of their teams and overarching responsibilities are somewhat different, the challenges they face from external sources (i.e. adversaries, regulators, their Boards [sort of joking]) are the same. However, the number one obstacle to complete their missions is finding and retaining the right security talent for their teams.
Security organizations struggle with hiring, training and retaining teams, and even if they do have people, the scale and complexity of the problem – sifting through mass amounts of data to find the symptoms of an attack – means that humans can’t do it without help.
The Fortune 500 CISO felt that Respond’s security analysis software gave them significant coverage they otherwise wouldn’t have had. Prior to the Respond Analyst, they tuned down the alerts coming off their IPSs. The Respond Analyst reviewed nearly 4.7 billion events this July, many that had been filtered out of their current workflow. It found a number of incidents that needed investigation without the false positives that bog down most SecOps teams. An army of security analysts cannot go through that much data. With Respond’s software, they are able to take the load off of their security operations teams, and reinvest those resources in other areas, in this case, AppSec.
The CISO of the smaller organization felt that because of the Respond Analyst, they didn’t need to hire additional team members (or outsource the work to an MSSP) to monitor and triage security events. What was an expected line item in next year’s budget became resources that the team is planning on using toward its network segmentation strategy.
In a recent customer case study, Kevin Bailey, the Cyber Defense Center Director at Kyriba mentioned that the biggest benefit to his security operations team is eliminating mundane security tasks that were better left to robots (including working the night shift). Implementing security operations software frees up the team to do more interesting work, in this case, threat hunting and incident response, while helping him move to 24x7 operations. This means a happier, more productive team.
I’ve recently joined Respond Software to lead our marketing team, and I’m excited about the opportunity before us. Respond Software is focused on helping organizations build stronger, happier security operations teams – reinforcing their current team and adding extra help through security analysis software, not additional people.