Have You Chosen the Right Person to Lead Your SOC?

October 1, 2019

Cybercriminals are increasingly penetrating enterprises through non-technical means, such as social engineering. At the same time, there is a global IT security shortage of nearly three million people, according to the 2018 (ISC)2 Cybersecurity Workforce Study, leaving enterprises struggling to find the right talent to safeguard their networks.

There are multiple theories on how to solve the problem, and several programs have popped up in the last few years to attempt to address it.

According to Chris Schueler, SVP of Managed Security Services at Trustwave, enterprises need to consider other options. Yes, IT and cybersecurity degrees are in demand, but we are failing to look at professionals outside of those areas. Enterprises must change their mindsets and begin recruiting talent from non-traditional backgrounds like liberal arts majors, statisticians and private investigators, he suggests.

“There are many backgrounds and alternative skillsets that lend themselves well to cybersecurity, and organizations need to start considering rounding out their cybersecurity teams with people from varied backgrounds,” Schueler says.

Schueler advocates looking at a new type of cybersecurity SOC analyst, one who relies as much on understanding the psychology and science behind a threat, as he or she does on technical know-how, such as:

Law Enforcement/Military/Investigators – These professionals are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles and establish modus operandi. They know how to take practices from their former lives, such as establishing “Proof of Life,” and apply them to ransomware attacks and other digital threats. “Law enforcement and military professionals are incredible; they know how to ‘follow the bread crumbs,’” Schueler says. “They look under each stone and are trained to be comfortable in difficult situations. A SOC environment is a pressure cooker, all the time, and military and law enforcement can stay calm and cool under pressure.”
Data Scientists and Statisticians – These professionals know how to parse through vast volumes of organizational data to look for unusual patterns or anomalies that can indicate a breach. They also excel at gauging organizational risk tolerance and determining incident probabilities. “Parsing through data – in a private or public cloud or a SaaS environment – is a new big challenge,” Schueler says. “Sure, machine learning helps, but you still need a math and data background to process all of that.”
Liberal Arts – “I like this one the most,” Schueler says. From communications to psychology, philosophy to sociology, individuals trained in liberal arts fields help us understand the human side of the equation and leverage abstract thinking to match the minds of black hats. “These people don’t conform to ‘group think’ easily, and that’s good. Adversaries are unconventional, and liberal arts find variances that may get you to a different result. I see liberal arts professionals as the ones who can understand what the adversary is trying to do; almost becoming a bit of a profiler. If you think in black and white, then you can’t profile. In a SOC, it’s not just one person leading an investigation, and I like the liberal arts professional because you are always guaranteed one person in the pod who won’t conform to group think.”
Multicultural Backgrounds – With threats coming from around the world, cybersecurity teams need to include members from a wide variety of geographic and demographic backgrounds who are able to think like black hats and understand their motivations. “I always advocate for hanging multiple demographics,” Schueler says, “in order to strengthen the overall coverage to offer you different approaches to problems.”

Once you have the “right” person on your SOC team, the next challenge is to keep them, Schueler says. “It’s important that their ‘on position time’ is rotated. Yes, there is a lot of turnover with Tier 1 SOC analysts, but we can help to reduce some of the heavy lifting with automation to help them stay satisfied in their roles. As an industry, we can invest in automation and machine learning to reduce the workload and to provide them with more Tier 2 analyst work. That may be a reason that they stay, or they go. I already see the industry moving towards that direction.”

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Have You Chosen the Right Person to Lead Your SOC?

Recent Articles by Diane Ritchey

Goodbye and thank you

Good Security News from Guerrilla Mask Movement

Managing Risk, Business Continuity and Resiliency during a Pandemic

Post-COVID-19 and mental health

What’s your BCP plan?

Security Magazine

2020 September

Have You Chosen the Right Person to Lead Your SOC?

Recent Articles by Diane Ritchey

Related Articles

Report Abusive Comment