Whether you have stood up an in-house security operations center (SOC), outsource your efforts to a managed security services provider, or do some of both, congratulations. Investing in security operations is a sign of improved infosec maturity, signaling you have transitioned from a prevention-only mindset to one that values speedy detection of and response to threats.
But building and maintaining a SOC – or delegating the responsibilities to someone else – is expensive. That wouldn’t be such a problem if security operations were considered a revenue producer, but it’s not. And it wasn’t that long ago that senior leaders looked at SecOps no more fondly than as a necessary burden, a sentiment that still exists in some places. The SOC doesn’t have to do everything, nor should it be expected to. But to be successful, you will want to convey the value it provides to attract support from those who control the purse strings.
Here are four recommendations for connecting with executive and board leadership and getting them on your side.
Do Your (Big) Part to Instill a Security Culture
A highly functioning SOC forges and maintains collaborative relationships across the organization. These connections tend to be most valuable in times of a major incident, which requires a cross-functional effort, but they also speak to the concept of security culture and your team’s role in helping to advance one. An organization in which security is woven into its culture is one where all employees, regardless of their role or responsibility, share the attitude that protecting data is important. While everyone must play a part in establishing and growing a security culture, guidance from the SOC and overall IT team will be paramount, catching the eye of executives who will recognize how instrumental your efforts are in making everyone care about keeping the company safe from malicious activity.
Metrics are a visually appealing way to communicate the overall picture of your mission. Once your program is in full swing, you’ll have to aggregate the data you collect to output metrics reports. The reports should be presented to stakeholders and include a clear representation of what is being measured, its priority, what its baseline was and how it has changed over time. Don’t bother sharing vanity metrics like number of incidents handled. Instead, report measurements that can correlate to cost savings and the bottom line – such as how quickly the most critical events are addressed to reduce dwell time, as well as how good the SOC function is at automating away false positives.
Lose the Technospeak
Common SOC terms like IOC, APT and SIEM may be second nature to you, but they might as well be a foreign language for the senior leaders and board members you need to reach. While infosec knowledge has improved among executives, never assume they will understand the technical jargon. Instead, convey your challenges, needs and ways you enable the business in a way that is aligned with business priorities (asking questions before your presentation can help here), centers on risk reduction and – arguably most importantly – is delivered in clear and incisive terms that they will understand. Using storytelling and sharing relatable, real-life metaphors can help you dispel any false notions your audience may hold and help them absorb the message you are trying to send.
When in Doubt, Lean on Compliance
There was a time not too long ago when compliance, largely bolstered by the emergence of the Payment Card Industry Data Security Standard (PCI DSS), was far and away the chief reason for security spending. Compliance as a primary driver for infosec dollars has cooled somewhat, with companies becoming more risk-minded and compelled to act due to endless strings of data breaches and high-profile ransomware attacks. Compliance mandates, however, haven’t gone away. In fact, with the advent of measures like the U.K.’s General Data Protection Regulation, spending to meet these data protection rules has surged again and piqued executives’ attention, especially if penalties get personal. Lawmakers in the United States, for example, have proposed their own privacy law to include significant prison time for C-level executives whose businesses are found to be in violation. SOCs play a big role in helping companies monitor and maintain regulatory compliance, so use that ammo to win support for your efforts.
Sell the ROI of Technologies
Sometimes management may feel like freeing up funds for security means their next stop is a black hole, so be sure they’re aware of the benefits of tech like security automation, orchestration and response (SOAR). These solutions can save security operations teams millions of dollars annually through increased efficiency and better resource allocation. Enterprises generally see these savings spread across four key areas: alert handling costs, reporting costs, analyst training costs and miscellaneous operational costs.
Dan Kaplan is director of content at Siemplify.