Brad Freeman, the Director of Technology at SenseOn, recently gave a talk on the importance of implementing effective security operations center (SOC) practices. As a security professional with extensive practical and leadership experience, Freeman emphasized the significance of focusing on people and processes in order to achieve the desired level of security.
During his presentation, Freeman addressed a common issue faced by analysts in many organizations. He noted that analysts generally prefer working on serious security investigations such as compromises and incidents, but at mid-market organizations such cases are encountered less often. To overcome this, Freeman suggested that mid-market companies empower their analysts by giving them interesting security investigations that keep them engaged and curious. That curiosity is what eventually grows them into more senior analysts.
Another key element highlighted by Freeman in empowering the SOC team is raising their internal profile. He emphasized the importance of ensuring that the security operations center is perceived as an integral part of the organization, rather than just a separate department. One strategy to achieve this is by inviting employees from different departments to visit the SOC and gain insight into its operations. This increased visibility helps in educating the entire company about the significance of the SOC and the critical role it plays in protecting the organization.
Freeman also warned against the complete outsourcing of SOC activities to third-party vendors. He argued that nobody knows a company better than someone from within the organization. To ensure a holistic understanding of network traffic and context, Freeman advocated for a hybrid model where some SOC activities are handled internally. This approach enables the SOC team to align with the specific business processes and activities of the organization, such as potential mergers and acquisitions.
A lack of direction or strategy from leadership was another challenge highlighted by Freeman. He stressed that simply instructing the SOC team to “make it work” is not an effective substitute for a comprehensive security strategy. Freeman also identified vanity metrics, poor detection processes, and technology choices driven purely by purchasing considerations rather than security need as common problems faced by SOC teams.
To make a SOC work effectively, Freeman provided a few key pieces of advice. First, he advised focusing on developing the skills and expertise of the SOC team members. By investing in their growth, organizations can ensure a strong and capable team. Second, Freeman emphasized the importance of demonstrating the value of the SOC to the organization. This can be achieved by measuring and communicating the positive impact the SOC has on the overall security posture. Third, Freeman stressed the need for implementing effective processes within the SOC. Having well-defined processes ensures that the team operates efficiently and consistently. Lastly, Freeman urged organizations to make technology decisions based on solving their specific security problems, rather than simply ticking a box.
SenseOn, the company where Brad Freeman is the Director of Technology, specializes in advanced cybersecurity solutions. Their technology aims to empower organizations to detect and respond to threats effectively. To learn more about SenseOn and their innovative cybersecurity solutions, interested individuals can visit their website at [https://www.senseon.io/](https://www.senseon.io/).