On 23 January 2025, Teiss Talk host Thom Langford was joined by Prince Adu, Board Member - ISACA Accra Chapter, ISACA; Garrett Smiley, Chief of Staff to CDIO / Vice President of Digital Infrastructure and Technology Strategy, Maximus; and Matt Muller, Field CISO, Tines.
With the cloud and data centres, current technological conditions favour defence, provided a business is willing to invest in it. A strategic question is how you marry security and operations. The technology is there to automate more SOC processes in order to keep up with criminals, but businesses must find out how to make the most of human resources and which processes lend themselves readily to automation. CISOs must take a holistic approach and sit down with the CFO to show them what controls must be in place to meet requirements and what technology must be deployed to achieve that. CISOs should also explain how much an incident could cost a company per hour or per day. When an executive order in the US says that businesses must invest in BGP security, it essentially mandates that they buy new routers that, unlike the old ones, support new protocols for the network edges. This is how compliance can drive technology upgrades in the most effective way.
The skills shortage is partly due to the fact that once those who have joined the labour market get some experience with a company, they quickly move on to better-paid jobs, which results in constantly high turnover. This could change if HR had other, more strategic objectives than just to depress salaries. Also, as technology is changing under CISOs' feet on a daily basis, the ability to learn and critical thinking are becoming the most important skills. For example, AI can tell an infosec expert what AWS command to run, but it's the human who must know the context and the why. AI-style co-pilots have the potential to free up time and let security experts concentrate on the creative parts of their jobs.
Diversity plays a key role in incident response. More diversity in Apple's case, for example, might have prevented the AirTag issue or could have brought a quicker solution to it once it was already on the market. Security operations need people who are good at networking and who understand software development and systems, as well as customer service. To align SOCs with business strategy, CISOs need to have a roadmap which also shows how security deployments tie back to business goals. To see the bigger picture, training must be looked at from both a technology and a strategic perspective. KPIs should be kept down to a small number and communicated to the business in its own language of bottom lines and risks.