
How to infuse agility into security operations

By Jonathan Couch
June 30, 2021

For many years, security professionals have talked about the OODA loop. Devised by Colonel John Boyd, it describes a decision-making cycle that fighter pilots apply in dogfights and that, when mastered, allows them to outwit adversaries. The acronym stands for Observe, Orient, Decide and Act, and if you can go through this decision cycle faster than your adversary, you can defeat them.

The same theory applies to security operations and, unfortunately, right now we are operating much slower than our adversaries. So, why do our security operations lack the agility it takes to observe, orient, decide and act faster than our adversaries?

First, it’s important to realize that agility must be grounded in a position of strength. Fighter pilots begin with a solid foundation built by learning basic combat maneuvers. On top of that, they learn how to make decisions and be creative in the heat of the moment to accelerate reaction times and thwart attacks. Security teams need to operate the same way. Good security hygiene practices go a long way to mitigating risk day in and day out. But security teams also need the flexibility to reorient themselves, so that when new threats emerge or new best practices or technologies become available, they can adapt.

Technology and process challenges


Static is the enemy of agile. And since technology and processes are inherently more static than people, let’s start with these two areas and use ransomware to illustrate their impact on security operations agility.

Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Yet many organizations haven’t been able to adjust their processes and technology to keep up, as demonstrated by the fact that 60% of organizations told ESG that they experienced a ransomware attack in 2019, with 29% reporting that attacks happened at least on a weekly basis.

Traditional malware was handled by sequestering the affected system, removing the malware, reimaging and reloading the system, and putting it back into operation. Then, ransomware started to change, infiltrating multiple systems and the network itself with the aim of encrypting key data. Traditional response methods no longer worked. Organizations that were quick to reorient their processes to create and maintain disconnected backups of high-value data were safe. But most organizations took months, if not years, to shift their processes and technologies accordingly. And just as they were catching up, ransomware shifted again. Adversaries are now exfiltrating data and threatening to release it publicly unless the ransom is paid.

To overcome threats as they evolve and emerge, effective security operations teams must be empowered to change processes and bring in new technologies when warranted. However, since security is not a profit center but an overhead function, organizations tend to invest what is needed and no more.

Companies need to fund their security teams to be able to adapt. Sometimes what’s required is a process change which may not cost anything, but other times you need new technology – like threat intelligence to learn about adversaries and their tactics, techniques and procedures (TTPs), Endpoint Detection and Response (EDR) solutions, a next-generation SIEM or a managed detection and response (MDR) service. Business priorities and the corporate risk profile must align with security priorities, so teams are enabled to do what they need to do. Keep in mind that although budgeting cycles are usually yearly, attackers operate on their own schedules. Organizations must build flexibility into funding so that budget is available to address new threats.

People lead the way


The shining star when it comes to security operations agility is the people. As new concepts have emerged, security organizations and teams have demonstrated an eagerness to embrace them quickly. In the SANS 2020 Threat Hunting Survey, 85% of organizations reported they had adopted threat hunting. And, increasingly, we’re seeing the vulnerability management function move from Governance, Risk and Compliance (GRC) to security operations, where teams have the skills and tools for proactive risk mitigation. What’s more, security professionals enjoy developing skills in new areas. This drives job satisfaction and contributes to retention, the value of which, in a market sector with negative unemployment, should not be underestimated. But the fact remains, people must be supported with the right processes and technologies to drive security efficiency and effectiveness, whatever the future holds.

One way security teams can help garner support is by stepping up their regular updates and crisis communication methods with leadership. Those that engage in regular reporting with metrics that matter to the business unit and board build a dialogue with leadership that educates and instills confidence. When an attack happens, they are ready with ad hoc communications about who is targeting them, what they know, and the steps they are taking to mitigate damage. With established relationships and trust in place, they are more effective at obtaining additional resources as needed to accelerate detection and response.

Security operations agility relies on the interplay between people, process and technology. This isn’t possible when teams have a set number of tools, outdated processes, and poor communication with business leaders. To observe, orient, decide and act faster than our adversaries, we must look at where we can infuse agility, so teams can change the way they operate, as needed.

KEYWORDS: best practices cyber security cybersecurity ransomware risk and resilience security operations


Jonathan Couch is SVP Strategy at ThreatQuotient.
