Skip to main content

The unpaved road of an agile Security Operational Centre

Maintaining an agile SOC is no easy feat, but it’s essential for strengthening cybersecurity. Here’s why taking care of people should be at the top of every SOC strategy.

Last week, I went to KraftCERT Norway, held at the Norwegian Museum of Science and Technology, to talk about the processes of our agile Security Operational Centre (SOC). It was the perfect setting for a bunch of tech workers who want to get together and discuss our challenges. 

The presentation I delivered at KraftCERT, without delving too much into specifics, was about the People, Processes, and Technology principle. Not only from an SOC perspective, but also from cybercriminals’ perspective.

Learn more about security at Visma

Empowering SOC responders and analysts

I strongly believe that everything related to SOC is connected to people, processes, and technology. Together, these three things make the core principle of Visma’s SOC – with the people component being the most impactful. You can have the best technology and perfect processes, but without the right people you won’t succeed. This is something I’ve had to learn during my years working as a System Administrator, Developer, Pentester, Information Security Officer, Security Researcher, and now, an SOC Manager.

Incident Responders and Security Analysts play some of the most crucial roles when it comes to fighting cybercrime. They are the guardians of your company, and should therefore be involved in all processes, at all times. So, how do you keep them involved? As a colleague, I recognise the importance of nurturing their growth, actively listening to their perspectives, and collaborating closely with them. 

I understand that we need to break the silos between teams and work side by side to develop and improve our SOC. That means that everyone can contribute in different activities and initiatives that fulfil the cybersecurity experience. Today you can be a Threat hunter, tomorrow you can be part of the Security Research team, and the next day you can be part of the Purple Team. Having a diversified process inside the SOC helps your colleagues to improve themselves and never get bored. 

Fostering a culture of support and care

To be able to respond to security incidents properly, the main requirements are creative thinking, problem solving, and analysing and responding to complex and dynamic situations. All of these requirements can make the job of an Incident Responder and Cyber Security Analyst both challenging and fulfilling. Therefore, they need to stay up-to-date on the latest security threats and technologies, adapt to new risks and attack vectors, and continuously improve their skills and knowledge. How can they achieve all of this if they’re buried under tedious and repetitive tasks?

Looking at it from another perspective, a substantial part of the cybersecurity community sees humans as the weakest link in the chain. What we have discovered over time is the fact that people are the main target for cybercriminals. Dealing with people is not always easy, and dealing with stressed people is even harder. Taking care of your colleagues will translate into more accurate responses in the case of an incident. People need to know that you’re there to help them rather than pointing fingers when they fall victim to cyber attacks.

Agility in an SOC is achieved through continuous processes. Those processes need to improve three things: prevention, detection, and response. These three improvements require structured learning from the incidents we experience – especially attacker tactics, techniques, and procedures. But also future technologies like artificial intelligence and machine learning, and their potential impact – whether it’s positive or negative. 

What’s the best way to do that? I don’t have the answer. But, I firmly believe that the involvement and caretaking of people is a key aspect of generating the best incident responses.

Most popular

  • Welcome to our newest Visma companies!

    We’ve had some exciting new additions to our portfolio this year. Let’s get to know the superstars who have joined us and the brilliant solutions they bring to the table.

  • A man holding his cellphone

    5 reasons why you need Visma AutoPay

    Do you spend a lot of time making manual payments or doing bank reconciliation? Could you imagine an automated and secure bank integration that saves you both time and frustration? Visma AutoPay may just be what you need.