…the SOC, but the truth is that IT people think in a structured way with rules, policies and procedures – but hackers are very unstructured and creative. To catch a hacker, you need to think like them, so hire a former programmer with problem-solving skills.
MJ: My personal stance is that when it comes to security operations, because of how involved and effective (it) has to be with the rest of the business, that outsourcing this piece of a business poses too much risk to be viable. I have yet to personally experience any business that has processes, clear communication and reporting lines, and enough integration to allow an outsourced SOC for an MSSP to do anything other than cause frustration.
CP: What do you hope attendees learn and can make use of from your session?
AR: My goal is for attendees to think carefully before deciding to spend the dollars to build their own SOC and make sure that they evaluate whether a borrow vs. build strategy is better for the short term until they determine if they are capable of selling SOC services.
MJ: I hope they learn that people cannot completely rely upon any silver bullet around security operations. There is no tool, no person or set of people that will make it magically work. With how much technology is embedded within every business in the world we live in these days, it takes a lot of understanding, knowledge and adaptability to make a SOC be effective. This involves an investment into the people managing and utilizing the tools and processes for SOC operations.