Episode 14 - Aligning Competing Priorities

Not only do some security teams have diverging priorities; often we find that analysts and engineers have goals that are directly opposed to one another. How can your SOC move forward when your teams are moving in completely different directions? In this episode we talk about how your team can find common ground and identify unifying objectives.

Notes:

  1. Step back - Think in terms of systems, not projects (or products) 

    • We always start with data 

    • From a detection standpoint there are five types of data source: 

      • Endpoint 

      • Network/Firewall/Web 

      • Email 

      • Authentication 

      • Malware/IDS/Threat Intel  

    • Sets and sub-sets of tools feed each of these, but from a visibility standpoint these five are our “universe” 

  2. What does the end state look like? It’s not a laundry list of silos / solutions / vendors; it’s a data-driven process built on the OODA loop (observe, orient, decide, act)  

    • North Star  

      • Find all the bad 

      • Stop all the bad 

      • Prevent all the future bad (this is the big failure of the industry right now)   

    • See the potential bad (observe)

    • Decide if it is bad (orient, decide)

    • “Respond” (act) – remediate / fix / contain / prevent  

    • Process-driven, fed by data and experience: people, but also trusted “automation” 

  3. You have a system now, but it's probably in pieces, silos, and varying states of "maturity" (products vs. systems; security “dissonance”) 

    • Start where you are and create a baseline of your ideal system, but be careful how you “define” that baseline 

      • Anti-example: a laundry list of technologies / products / “innovations” 

    • Competing visions? 

      • Program vision – the leaders’ view 

      • Position vision – the executors’ view  

    • “POV” (point of view) becomes your tool here; if needed, “hack” the vision with demonstrated success 
