The State of the SOC in 2020
Episode 26 • 25th June 2020 • The New CISO • Steve Moore • 53:57



The American vs. European view on Insurance  

In first reviewing the report, we were struck by how far Europe leads the rest of the globe in using insurance to manage cyber risk. While the adoption rate of insurance is growing slowly among American companies, their European counterparts are well ahead. This could be because European teams have a better understanding of how to use certain types of insurance, or because the European insurance markets and carriers currently address cybersecurity risk better than their US counterparts. Alternatively, the difference may come down not to capability but to viewpoint. As Steve states, the American perspective is that insurance does not take the place of a security program. Perhaps that idea differs across the ocean.



Who Leads in What Areas  


In studying the US, UK, Germany, Canada, and Australia, we mull over why certain countries dominate in various areas. In terms of holding insurance and working with their privacy departments, Germany takes the lead, and significantly so: Germany's figure for holding insurance surpasses Australia's by around 20%. For outsourcing, the UK and Germany dwarf the US. However, this piece of data may point to another shifting trend, namely that more US companies are embracing outsourced security. We discuss why, in the US in particular, we see that reach for autonomy in operations even when it is not the most beneficial arrangement.




High percentages across the board show that many employers and employees feel fully confident in their ability to detect a threat. Is this a positive reflection on the industry or is it overconfidence? Does this perhaps relate to testing—adequate or not? We discuss what goes into confidence itself and the discrepancies between the perspective of the managers and the frontline workers.   


Attracting and Retaining Talent  


The difficulty with staffing can heavily influence the effectiveness of the team. Being understaffed, significantly understaffed, or lacking staff with the right skills cropped up as a relatively common issue across many teams. We debate what causes the difficulty in identifying talent and ask whether it is connected to the absence of hiring standards. Low hiring standards may be the obvious problem, but extremely high and inaccessible standards generate equally serious problems: they shrink the candidate pool to the point where the best person for the work has already been screened out over trivial details.


On top of initial staffing is the question of retaining top talent. The data revealed huge discrepancies between how leaders think they can retain talent and what skilled employees actually seek. While many managers believe the key is good pay, workers point to eliminating mundane work, poor leadership, and lack of communication. We also draw in additional points: managers need to know their analysts by name, understand where their stress comes from, and respect them simply as human beings.


The Undefined Career Path   


Another major inconsistency the report highlights is the lack of a defined career path for workers. When asked about career trajectory, only 15% of employers valued it, while 64% of employees did. This is the biggest discrepancy in the report, and a conversation needs to start to address the misunderstanding. Perhaps many CISOs don't understand what SOCs do, or think they do when they do not. Many employees want mentorship and guidance. If you invest in your frontline workers, they will invest more of themselves in their work and in you. Unfortunately, mentorship by leaders is not always measured or rewarded, but maybe it should be.



How do you measure your program? 


The report also brought to light how each team measures the success of its program, and how that differs between small SOCs and large ones. Organizations focus on failing an audit or causing an outage rather than on problems with a security incident. Perhaps this speaks to politics: an outage is far more visible within the company and therefore more likely to cause stress in someone's job than a security issue that may never surface. Smaller SOCs measure how many incidents they handle, whereas larger ones do not; counting incidents may make a small team feel it is doing valuable work. Both small and large SOCs report the same or similar percentages for monetary cost per incident and mean time to detect.


Through this statistic we explore the question of size itself—what does it mean? Maturity? Efficacy? Capabilities?  



IT Coordination and Tech 


While many CISOs believed coordination with the IT team went smoothly, frontline employees often disliked working with IT. The report did not specify whether this disdain for working with IT related to incidents, projects, or configurations and standards. This particular area may need further exploration.



Lastly, we advocated for tech-enabling anything you can: you don't want your team wasting time on mundane tasks that drive people away or breed inefficiency. It is imperative to update tooling so that the smaller tasks put less stress on your team, leaving them free to focus their efforts on the more challenging and more important ones.


Exabeam - Website

Side Channel Security - Website

Steve Moore - LinkedIn

Brian Haugli - LinkedIn