The Evolution of SecOps with Chris Crowley

The SANS SOC Survey, AI, and Cybersecurity Trends - In this episode of the Cyber PMM podcast, I interview Christopher Crowley, industry vet, cybersecurity consultant and SANS Institute instructor.

In the latest episode of the Cyber PMM Podcast, I sat down with cybersecurity expert Christopher Crowley, a consultant at Montance LLC and an instructor at the SANS Institute. With over 20 years in the field, Chris provides profound insights into the evolution of security operations (SecOps) and the challenges facing today's cybersecurity landscape.

A Journey into Cybersecurity

Chris Crowley's journey into cybersecurity began in high school, where an early job in systems administration sparked his interest. His career took a significant turn while working at Tulane University, where he encountered various cybersecurity incidents, including compromising activities that attracted the attention of the FBI. These experiences, coupled with a major disaster recovery effort following Hurricane Katrina, equipped Chris with unique insights into both cyber threats and disaster preparedness.

The State of Security Operations

As the episode delves into the state of security operations, Chris discusses the evolution and importance of Security Operations Centers (SOCs). He emphasizes how SOCs have become a crucial part of cybersecurity strategy due to growing legal and contractual monitoring requirements. Chris notes the significance of defining what a SOC does and understanding its capabilities, which has been an ongoing conversation within the industry.

Insights from the SANS SOC Survey

One of the highlights of the podcast is Christopher's discussion on the SANS SOC Survey, a research initiative he has been involved with for eight years. The survey seeks to provide an objective reference for cybersecurity professionals, offering insights into SOC practices and trends. Chris emphasizes the importance of creating a consensus on SOC functions and the value of maintaining consistent survey questions to track trends over time.

The Role of AI in SecOps

A key topic in the conversation is the role of Artificial Intelligence (AI) in security operations. Many organizations are exploring AI tools, but survey results indicate that satisfaction levels are low. Chris suggests that although AI is increasingly implemented, it is crucial to manage expectations, as the technology has yet to meet the high hopes of security teams.

Retention and Satisfaction in SOCs

Chris addresses the challenges of retaining skilled SOC personnel, acknowledging the burnout associated with entry-level positions. The podcast touches on survey findings that indicate longer retention rates, with meaningful work increasingly recognized as a key factor in employee satisfaction. The conversation highlights the importance of not transforming analysts into machines and allowing them to engage with complex challenges, which enhances their job satisfaction and contributes to effective security operations.

Future of Security Operations

Looking ahead, Christopher shares his vision for the future of security operations. He predicts an incremental improvement within SOCs, where AI will be integrated through vendor solutions, and automation will play a critical role in handling routine tasks. Christopher foresees a future where tailored machine learning models, trained on specific organizational environments, will provide unique advantages in threat detection.

Tips for Aspiring SOC Analysts

For those aspiring to enter the field as SOC analysts, Chris emphasizes the importance of understanding IT fundamentals, cyber tools, and the threat landscape. He encourages leveraging free resources and continuous learning to build the necessary skills. Additionally, he advises product marketers to align their messaging with the needs of SOCs, focusing on customer knowledge and providing clear deployment guidance.

Get Involved

For cybersecurity professionals and organizations interested in the SANS SOC Survey, Chris encourages participation and exploration of the extensive resources available at http://soc-survey.com. This platform offers previous reports and insights into trends shaping the industry.

In closing, this insightful episode provides valuable perspectives on the challenges and advancements in security operations. As the field evolves, professionals like Chris Crowley continue to lead the charge in developing innovative solutions and fostering a deeper understanding of cybersecurity practices.
