Security icon

Develop Foundational Security Operations Processes

Transition from a security operations center to a threat collaboration environment.

Unlock This Blueprint

View Storyboard

Solution Set Storyboard Thumbnail


  • Jason Bevis – Senior Director Orchestration Product Management, Office of the CTO
  • Douglas Andre – Director of Cybersecurity, PenFed Credit Union
  • Seth Shestack – Director of Information Security, Temple University
  • Ron Kirkland – Manager of ICT Security & Customer Service, Crawford & Company
  • David Miller – Chief Executive Officer, Uzado
  • Jim Hosley – Director of IT Security, Urban Outfitters
  • Candy Alexander – CISO, Alexander-Advisory
  • Jason Bareiszis – Incident Response Manager, Tetra Tech
  • Trevor Butler – General Manager of IT, City of Lethbridge
  • Fawad Khan – MS Cyber Security Fusion Center, Financial Services
  • Ryan Breed – CTO, Director of Mayhem, Cascade Failure, Inc.
  • Peter Clay – Principal, Zeneth Tech Partners
  • 3 anonymous contributors

Your Challenge

  • Organizations have limited visibility into their threat landscape, which makes them vulnerable to the latest attacks. That vulnerability hinders business practices, workflow, revenue generation, and damages an organization’s public image.
  • Organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
  • There is limited communication between security functions due to a centralized security operations organizational structure.
  • Threat management has become resource-intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.

Our Advice

Critical Insight

  1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
  2. Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization. Prevention, detection, analysis, and response processes must contextualize threat data to supplement one another – true value will only be realized once all four functions operate as a unified process.
  3. If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

Impact and Result

  • Optimized prevention, detection, analysis, and response efforts through leveraging next-generation techniques including use cases, automation, advanced threat hunting, netflow analysis, visualization & dashboarding, rule & incident management flow, web portals, and onboarding & data management.
  • A collaborative environment that unites people, processes, and technology.
  • Identified security operations gaps and prioritized implementation efforts accordingly.
  • Enhanced communication through a central knowledge portal, defined threat escalation procedures, and a comprehensive ticketing function.
  • A tailored sourcing strategy that caters to your unique organizational DNA.
  • An actionable, operational, and strategic measurement program.
  • An intelligence-driven security operations program.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should enhance your security operations program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Guided Implementations

This guided implementation is an eleven call advisory process.

Guided Implementation #1 - Assess your current state

Call #1 - Project kick-off call
Call #2 - Assess current people, process, and technology capabilities
Call #3 - Assess prevention and detection capabilities
Call #4 - Assess analysis capabilities
Call #5 - Assess response and collaboration capabilities

Guided Implementation #2 - Design your target state

Call #1 - Assess your security risk profile
Call #2 - Identify optimization tactics and techniques
Call #3 - Map out your ideal target state

Guided Implementation #3 - Develop an implementation roadmap

Call #1 - Design a sourcing strategy
Call #2 - Formalize your implementation roadmap
Call #3 - Design an actionable measurement program