Posts Tagged ‘Security Staffing’


Security technology spending is at an all-time high. Determining the right strategy to reduce cost is essential to security planning and belongs on any CISO’s agenda. Consider the following seven ways to optimize new security technology investments.

  1. Consolidating security vendors for particular solutions reduces cost through volume discounts and by eliminating the costs that come with increased complexity, risk, downtime, and staff management.
  2. Reducing the number of endpoint agents reduces cost by decreasing the complexity of the environment, the number of testing cycles per agent, and the administrative staff time required.
  3. Negotiating hardware and software licensing costs, as well as security professional services, for longer periods of time allows security vendors to reduce paperwork and management costs, savings which in turn can be passed back to the organization.
  4. Implementing adequate security protections can reduce the costs associated with employee productivity loss and security breaches, as well as the IT labor costs associated with endpoint infections, managing signatures, false positives, tuning, etc.
  5. Using automated software to deliver agent updates, tuning, patches, and signatures reduces the costs associated with employee productivity loss and IT labor management.
  6. Reducing the complexity of the environment by consolidating consoles for items such as endpoint and network technology, logging, or security configuration management provides faster access to relevant data and possible security incidents. Less complexity and faster access reduce costs by decreasing the infection rate and reducing IT labor management.
  7. Focusing on the primary business while outsourcing certain security functions should be evaluated regularly. Some costs may be reduced by avoiding security infrastructure and software costs as well as additional IT labor and training costs.

Whether defending against common malware or a determined nation state, an organization must be able to proactively detect attacks and changes in its environment. Over the past year I spent a large amount of time helping several organizations set up and put in place the right people, processes, and technology to defend against increasing security threats. Although many of these organizations spend millions of dollars on technology and hire staff to monitor security 24/7, they were still lacking two fundamental items.

  1. The people, although good at monitoring, lacked the attacker and threat mindset. The staff were not able to figure out when an actual attack was happening.
  2. The organizations lacked the basic security operations processes required to keep track of and make appropriate use of the vast amounts of data.

As a result, I spent the past few months developing a whitepaper that specifically addresses the primary components of a SOC. It can be used to help organizations set up a centralized core and embark on developing the correct operational processes. Although I don’t address item number one above, this paper explains the following in detail.

  • Defining the SOC
  • Determining the Processes
  • Understanding the Environment that needs to be protected
  • Identifying the SOC Customers
  • Staffing the SOC
  • Managing the Events
  • Leveraging ITIL compliance

Creating and Maintaining a SOC – The details behind successful Security Operations Centers

If your organization is under attack and you have invested in more people and technology, be sure to also implement the right processes and build a foundation for future defense.