2020 SOC Performance Report: A Tale of Two SOCs | A Devo Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and Devo executives, business leaders, and security practitioners

What separates a highly effective SOC from a poor-performing SOC?

In this three-part conversation, we will discuss exactly that: the technology, the humans, and the synergistic relationship between the two. 

Together, with Devo, we explore the tale of Two SOCs: what defines success and what drives performance—plus, what doesn’t.

Based on the results of an independent survey of IT and IT security practitioners, the second annual report looks at the latest trends in security operations centers (SOCs), both positive and negative. The report presents an unvarnished view of the current state of SOC performance and effectiveness. Based on responses from people with first-hand knowledge of SOC operations, it identifies areas of change from the prior year’s survey and highlights the challenges that continue to hinder many SOCs from achieving their performance goals.

The survey posed a broad range of questions designed to elicit insights into several key aspects of SOC operations, including:

  • The perceived value of SOCs to organizations

  • Areas of effectiveness and ineffectiveness

  • The ongoing challenge of SOC analyst burnout, its causes, and effects

This is a 3-part podcast series with Devo executives, business leaders, and security practitioners. The series will explore the tale of 2 SOCs: what defines success and what drives performance. It draws on the community-based research the Ponemon Institute performed, which will effectively define these 3 episodes: TECHNOLOGY | HUMANS | BUSINESS

Bookmark this page to catch all of the episodes as they become available.

Listen and start tuning your SOC to achieve the performance the business deserves.

Note: This story contains promotional content.


Episode 1: The Role Of Technology In A High-Performance SOC

Guests:
Tunde Oni-Daniel, VP/SMD Head of Security Architecture, Engineering and Operations, OneMain Financial

Jason Mical, Cyber Security Evangelist, Devo

In this episode, we explore the role technology plays in building and running a security operations center that is successful not only in being proactive and productive but also in creating a high-performing system in support of achieving the defined business objectives.

Technology can’t function on its own, and the SOC analysts can’t do their job without technology. With this in mind, we are left with what could be a tough question for many to answer if not carefully thought through: Is technology here to help humans, or are humans here to use technology to help themselves? Hear what Tunde and Jason have to say in this experience-driven, data-supported, actionable conversation.

I think we’ll always have the eyes-on-glass decision-making process because our adversaries are always changing; the threat landscape and the defense are always changing. So there’s never going to be 100% automated from my perspective.
— Tunde Oni-Daniel

What we start to automate away tends to paint a picture of something to come that requires, again, that human element, the human triage, to understand exactly what the TTP is, what the tactic used exactly is that the attacker is trying to do.
— Jason Mical


Episode 2: The Role Of Humans In A High-Performance SOC

Guests:
James Yarnall, Director of Cyber Security Operations & Intelligence, Freddie Mac

Jill Orhun, Vice President of Customer Success, Devo

In a SOC, there is the tech stack and the human one. Not really. The fact is, one cannot exist without the other, and the way their synergy manifests can make the difference between success and failure.

The work of SOC analysts can be tedious, repetitive, and time-consuming; yet professionals filling this role need to be persistent, curious, and smart. It can prove difficult to get these things to weave together from the start (attracting and hiring talent) and over the long run (training and retaining talent). If the weave is loose and messy, success can be hard to define and achieve — and the “chaos” that comes with this messiness can lead to struggles for the individuals and the team overall.

Sometimes, there are responsibilities and activities that just prove downright challenging. Other times, however, the organization may put practices, technologies, and unnecessary constraints in place that add even more challenge and angst in places where it could otherwise be avoided.

Are we expecting people to work hard/er simply because they want to do good for the company? Do we take that for granted? Do we know what motivates them and how they measure success for themselves?

It's when those details align with the team’s goals and measurements and also align with the company’s business goals for growth, revenue, and cost savings, that the SOC operations can succeed without crushing the team in the process.

Managers need ways to measure how SOC analysts can improve, to help guide a training and career plan for them, shore up their weaknesses, and expand on their strengths while keeping an eye out for where they want to go next. Bored and burnt-out analysts are also less effective analysts and are more prone to make mistakes, so it helps both the person and the company to take heed of how they are managed, incentivized, and treated.

Episode 3: The Value Of A High-Performing SOC For The Business

coming soon…

Guests:
Julian Waits, General Manager, Cyber Business Unit, Devo

Special Guest: TBA