SOCstock 2021 is now in the rearview mirror, but thanks to the magic of recording technology, you can still relive it in the present. The day was filled with thought-provoking and trailblazing content, delivered by security operations professionals for security operations professionals, across enterprises and MSSPs. No other infosec event in the world is exclusively dedicated to the SOC practitioner – and certainly no other one does it with as much spirit and sparkle as SOCstock (just look at our hippie logo).
Each and every session is impressive and well worth your time to watch (and we’re not just saying that). But if we had to choose, here are the five presentations which generated the most buzz among attendees, which means they made someone think newly or differently about something. In the end, that is all we can hope to get out of an event like this.
1) Security Operations One Year On: How COVID-19 Changed SecOps (Forever?)
Roughly one year removed from the start of one of the gravest health crises in more than a century, security operations, like virtually every field, has been disrupted. Not all the news has been grim, however: Generally speaking, investment in security controls has risen as organizations recognize its importance to a thriving remote workforce, even as the COVID-19 pandemic sent the global economy into a tailspin. But a rash of challenges has emerged and persisted, including threats related to endpoints, phishing, ransomware, cloud and the supply chain. This panel will take inventory of the year that was for SecOps professionals across enterprises and service providers, and look toward what the future holds for this critical function in finding success in a more decentralized world, discussing everything from alerts and caseload to communication and collaboration to zero trust and automation.
2) A Cloud-Native SOC? Say What?
Cloud infrastructure is ephemeral and constantly changing. Tools and practices change as a result. Also, there is now a broader set of teams and tools involved in deploying, managing and updating cloud systems and applications. Is the SOC still needed? What is the SOC to do? How does the SOC change as a result?
3) Creating a Culture of “Yes” in the SOC
Today’s enterprises are distributed around the world. From cloud to SaaS, detection now needs to be distributed with a high signal-to-noise ratio. To achieve this, your SOC needs to be a team of “yes.” What does that mean? It means the SOC needs to be seen as a valued and trusted partner who will be brought in early to help ensure that new code, new products or new procedures will seamlessly integrate into the SOC. This talk will cover techniques required to shift to this new approach, the skills required of the team and methods for working with multiple stakeholders.
4) Diversity and Inclusion in the SOC
Cybersecurity does not just have a skills shortage problem – it also has a diversity and inclusion problem. Women continue to be significantly underrepresented, and while minority representation in infosec is slightly higher than the U.S. average, inclusive cultures remain elusive. Yet studies have shown that organizations with greater gender and BIPOC equity outperform companies with more homogenous workforces. For security teams, that means being better equipped to more creatively and innovatively detect and respond to threats, and practitioners feeling more comfortable, connected and confident in their ability to keep security postures strong. This panel will ask the tough questions to key influencers in the infosec field, zeroing in on shortfalls (and success stories) specific to cybersecurity operations, discuss barriers that have held back initiatives from moving forward, and share learnings and best practices that will help you drive a real diversity and inclusion strategy in the SOC.
5) ATT&CK on C-Suite: Cheat Codes
The topic of cybersecurity can be difficult to discuss with the executive branch of an organization. Thus, the thought of presenting the MITRE ATT&CK framework to an executive, let alone an entire C-Suite, can be daunting. Fear not, for our speaker has the “cheat codes” to make even a novice become triumphant in this endeavor!
6) The State of Managed Security Services
The last year has been a boon for managed security services, with many companies turning to MSSPs for anything from augmentation to managed detection and response (MDR) to complete managed SOC. But with fiercer competition than ever and many perceived “me-too” offerings, navigating the MSSP landscape is no easy feat. This panel will discuss the latest trends and offerings in the MSSP space, including what new services are available, what to look for in an MSSP and what is often overlooked in the process.
Dan Kaplan is director of content at Siemplify.