- Jason Bevis – Senior Director Orchestration Product Management, Office of the CTO
- Douglas Andre – Director of Cybersecurity, PenFed Credit Union
- Seth Shestack – Director of Information Security, Temple University
- Ron Kirkland – Manager of ICT Security & Customer Service, Crawford & Company
- David Miller – Chief Executive Officer, Uzado
- Jim Hosley – Director of IT Security, Urban Outfitters
- Candy Alexander – CISO, Alexander-Advisory
- Jason Bareiszis – Incident Response Manager, Tetra Tech
- Trevor Butler – General Manager of IT, City of Lethbridge
- Fawad Khan – MS Cyber Security Fusion Center, Financial Services
- Ryan Breed – CTO, Director of Mayhem, Cascade Failure, Inc.
- Peter Clay – Principal, Zeneth Tech Partners
- 3 anonymous contributors
- Organizations have limited visibility into their threat landscape, which makes them vulnerable to the latest attacks. That vulnerability hinders business practices, workflow, revenue generation, and damages an organization’s public image.
- Organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
- There is limited communication between security functions due to a centralized security operations organizational structure.
- Threat management has become resource-intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
- Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
- Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization. Prevention, detection, analysis, and response processes must contextualize threat data to supplement one another – true value will only be realized once all four functions operate as a unified process.
- If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.
Impact and Result
- Optimized prevention, detection, analysis, and response efforts through leveraging next-generation techniques including use cases, automation, advanced threat hunting, netflow analysis, visualization & dashboarding, rule & incident management flow, web portals, and onboarding & data management.
- A collaborative environment that unites people, processes, and technology.
- Identified security operations gaps and prioritized implementation efforts accordingly.
- Enhanced communication through a central knowledge portal, defined threat escalation procedures, and a comprehensive ticketing function.
- A tailored sourcing strategy that caters to your unique organizational DNA.
- An actionable, operational, and strategic measurement program.
- An intelligence-driven security operations program.
This guided implementation is an eleven call advisory process.
Guided Implementation #1 - Assess your current state
Call #1 - Project kick-off call
Call #2 - Assess current people, process, and technology capabilities
Call #3 - Assess prevention and detection capabilities
Call #4 - Assess analysis capabilities
Call #5 - Assess response and collaboration capabilities
Guided Implementation #2 - Design your target state
Call #1 - Assess your security risk profile
Call #2 - Identify optimization tactics and techniques
Call #3 - Map out your ideal target state
Guided Implementation #3 - Develop an implementation roadmap