We recently ran a series of webinars* on how different-sized cybersecurity teams modernized their security operations and embedded polling questions within the webinars to gather some feedback. A set of possible answers was selected based on the ENISA NIS Investments report. In this blog post I’d like to share the results of the polls and the conclusions we can draw from them.
The Right Skills, Processes and Technology with the Right Data
When establishing or modernizing security operations across an organization to make it become more resilient, two important elements are needed:
- People with the right skills
- Processes and technology with the right data
Skills Decreasing in Value
Skills that have been in high demand in recent years are now decreasing in value. They include:
- Tier 1/2 SOC Analysis (mainly replaced through automation)
- Manual Penetration Testing (mainly replaced through automation)
- Technology Management (mainly replaced through Service Management, due to the increased availability of service-based offerings / cloud-hosted security services)
Skills Increasing in Value
With many traditional cybersecurity tasks giving way to automation, what know-how still makes cybersecurity professionals indispensable in their field? Fortunately, there is still plenty according to ENISA. I have personally enjoyed many of them for years and they are also a reflection of our security strategy here at Splunk. The key cybersecurity competencies ENISA identified as the winners in the years ahead are:
- Risk Management
- Service Management
- Incident Response
- Threat Intelligence
- Data Science and Analysis
What is the Number One Cybersecurity Skill that any Security Department will need?
When deciding to advance your skill set you may be confronted with a choice between the ISACA CISM Course (Risk Management), the Splunk Developing SOAR Playbooks Course (Incident Response) and the Splunk For Data Analytics and Data Science Training (Data Science and Analysis).
Let’s take a look at the results of our poll, listing the focus skills by priority:
Insights into the Security Operations Maturity
In order to dive deeper into maturity levels we asked two additional questions. These questions were aligned with two modernization stories we talked about in our webinar 5 Security Modernization Stories: What Our Customers Taught Us In 2020.
In the first story, Skyscanner shared how crucial it was for them to enrich their data with context such as “Which project does this EC2 instance on AWS belong to?”, “How critical is this IP address?” or “Is there a highly privileged user behind this username?”. It is not a big surprise that most participants in our poll considered enriching data and adding context to security alerts to be very important. Fortunately, these best-practice enrichment concepts are built into Splunk Enterprise Security.
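To make the enrichment idea concrete, here is an added example (my own illustration, not Skyscanner's pipeline and not Splunk Enterprise Security's lookups or API) that joins raw alerts against a constructed asset inventory and identity table, answers the three questions above for each alert, and turns the answers into a triage score. The asset and identity tables, the alert fields, the criticality weights and the scoring rule are all assumptions chosen for the example.

```python
"""Added example: enrich security alerts with asset and identity context.

All lookup data, field names and weights below are constructed for this
illustration; they are not Splunk Enterprise Security's own lookups.
"""

# Constructed asset inventory, as a CMDB or cloud-inventory export might provide it.
# Keyed by IP address; answers "which project?" and "how critical?".
ASSETS = {
    "10.0.1.15": {"instance_id": "i-0abc123", "project": "payments", "criticality": "high"},
    "10.0.2.40": {"instance_id": "i-0def456", "project": "dev-sandbox", "criticality": "low"},
}

# Constructed identity table, as an IdP or HR export might provide it.
# Keyed by username; answers "is a privileged user behind this account?".
IDENTITIES = {
    "jdoe": {"privileged": False, "department": "finance"},
    "svc-deploy": {"privileged": True, "department": "platform"},
}

# Assumed weights: an unknown asset is treated as medium risk rather than ignored,
# because assets missing from inventory are a finding in their own right.
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "unknown": 2}
SEVERITY_BASE = {"low": 10, "medium": 20, "high": 40}


def risk_score(enriched):
    """Assumed scoring rule: severity base x asset criticality, plus bonuses
    for privileged users and for accounts that are unknown to the identity table."""
    score = SEVERITY_BASE.get(enriched.get("severity", "low"), 10)
    score *= CRITICALITY_WEIGHT[enriched["asset_criticality"]]
    if enriched["user_privileged"]:
        score += 30
    if not enriched["user_known"]:
        score += 10
    return score


def enrich_alert(alert, assets=ASSETS, identities=IDENTITIES):
    """Return a copy of the alert with project, criticality and identity context added.

    Missing lookups never raise: the enriched record records that the asset or
    user is unknown, which is itself useful context for the analyst."""
    asset = assets.get(alert.get("dest_ip"), {})
    identity = identities.get(alert.get("user"), {})
    enriched = dict(alert)
    enriched["instance_id"] = asset.get("instance_id")
    enriched["project"] = asset.get("project", "unknown")
    enriched["asset_criticality"] = asset.get("criticality", "unknown")
    enriched["user_known"] = bool(identity)
    enriched["user_privileged"] = identity.get("privileged", False)
    enriched["risk_score"] = risk_score(enriched)
    return enriched


def triage(alerts, assets=ASSETS, identities=IDENTITIES):
    """Enrich every alert and return them ordered by descending risk score."""
    enriched = [enrich_alert(a, assets, identities) for a in alerts]
    return sorted(enriched, key=lambda e: e["risk_score"], reverse=True)


# Constructed sample alerts, as a detection rule might emit them.
SAMPLE_ALERTS = [
    {"id": "a1", "severity": "medium", "dest_ip": "10.0.1.15", "user": "svc-deploy"},
    {"id": "a2", "severity": "high", "dest_ip": "10.0.2.40", "user": "jdoe"},
    {"id": "a3", "severity": "low", "dest_ip": "192.0.2.9", "user": "ghost"},
]

if __name__ == "__main__":
    for e in triage(SAMPLE_ALERTS):
        print(f"{e['id']}: score={e['risk_score']:>3} project={e['project']:<12} "
              f"criticality={e['asset_criticality']:<8} privileged={e['user_privileged']}")
```

Note how the ordering changes once context is applied: the medium-severity alert on a high-criticality payments host driven by a privileged service account outranks the high-severity alert on a sandbox machine, and the alert touching an asset and account that no inventory knows about still surfaces rather than dropping to the bottom.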
In the second modernization story Norlys talked about how they increased efficiency with Splunk Phantom and their playbooks. They shared how they measured their improvements with different KPIs such as Mean Time to Detect, Respond, Contain, Recover and Closure. The poll also revealed that the majority of organizations measure more than 5 KPIs in security operations.
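Measuring those KPIs needs timestamps for each incident milestone and a clear rule for which interval each metric covers. The following added example (my own illustration, not Norlys's setup and not a Splunk Phantom or Enterprise Security feature) computes Mean Time to Detect, Respond, Contain, Recover and Closure from constructed incident records. The milestone field names and the interval definitions are assumptions; organizations differ on whether the clock for "respond" or "contain" starts at detection or at first malicious activity, so the definitions are kept in one table that can be changed.

```python
"""Added example: derive Mean Time to Detect/Respond/Contain/Recover/Closure
from incident milestone timestamps.

Incident data, field names and KPI definitions are constructed for this
illustration; they are not Norlys's records or Splunk's own metrics.
"""
from datetime import datetime
from statistics import mean

# Constructed incident records (ISO 8601, naive UTC). None = milestone not reached yet,
# e.g. inc-2 is recovered but not yet formally closed.
INCIDENTS = [
    {"id": "inc-1",
     "first_activity": "2024-03-01T08:00:00", "detected": "2024-03-01T09:00:00",
     "response_started": "2024-03-01T09:15:00", "contained": "2024-03-01T10:00:00",
     "recovered": "2024-03-01T12:00:00", "closed": "2024-03-01T14:00:00"},
    {"id": "inc-2",
     "first_activity": "2024-03-02T20:00:00", "detected": "2024-03-03T02:00:00",
     "response_started": "2024-03-03T02:45:00", "contained": "2024-03-03T04:00:00",
     "recovered": "2024-03-03T10:00:00", "closed": None},
]

# Assumed definitions: each KPI is the interval (start milestone, end milestone).
# Detection is measured from first malicious activity; the others from detection.
KPI_DEFINITIONS = {
    "mean_time_to_detect": ("first_activity", "detected"),
    "mean_time_to_respond": ("detected", "response_started"),
    "mean_time_to_contain": ("detected", "contained"),
    "mean_time_to_recover": ("detected", "recovered"),
    "mean_time_to_closure": ("detected", "closed"),
}


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def interval_minutes(incident, start_key, end_key):
    """Minutes between two milestones, or None if either has not happened.

    A negative interval means the timeline was entered inconsistently, which
    would silently distort the averages, so it is rejected rather than averaged."""
    start, end = _ts(incident.get(start_key)), _ts(incident.get(end_key))
    if start is None or end is None:
        return None
    minutes = (end - start).total_seconds() / 60
    if minutes < 0:
        raise ValueError(f"{incident['id']}: {end_key} precedes {start_key}")
    return minutes


def compute_kpis(incidents=INCIDENTS, definitions=KPI_DEFINITIONS):
    """Return {kpi: {"minutes": mean or None, "n": samples, "pending": incidents not yet at that milestone}}.

    Incidents that have not reached a milestone are excluded from that KPI's mean
    and counted as pending, so an open incident does not drag the figure down."""
    results = {}
    for name, (start_key, end_key) in definitions.items():
        samples = [m for m in (interval_minutes(i, start_key, end_key) for i in incidents)
                   if m is not None]
        results[name] = {
            "minutes": mean(samples) if samples else None,
            "n": len(samples),
            "pending": len(incidents) - len(samples),
        }
    return results


if __name__ == "__main__":
    for name, r in compute_kpis().items():
        shown = f"{r['minutes']:.0f} min" if r["minutes"] is not None else "n/a"
        print(f"{name:<22} {shown:>9}  (n={r['n']}, pending={r['pending']})")
```

Reporting the sample count and the number of pending incidents next to each mean is the part teams most often skip; a Mean Time to Closure built from one closed incident says much less than the same number built from fifty.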
I hope this gave you some valuable insight to help you plan and take your security operations to the next level.
*The majority of webinar attendees had job titles such as CISO, Head of Information Security, SOC Product Owner or Cyber Security Team Lead.