Tom Avant:
The threat landscape is constantly changing faster than most people out there can even think about. So, if we are only building security experts who are only good in one area, then there's no way that we're going to be able to keep up with the fast changes that are happening in the world.
So, working with my leadership, we started thinking about how can we make what I call a “full spectrum” security analyst. How do we build a person that is well-versed in one discipline and starts to build and develop skills in another discipline? And we start by taking over smaller responsibilities. So we went through some training, we worked with different training programs, sales courses, things of that nature. And then we eventually decided that, okay, we will take on some of the stuff that our other teams are doing because we operate really well at scale.
And the good thing about the SOC is even though we are backed by our people, our first tenet is to always automate for solutions first. Humans are our last resort. And in doing that, we say, "Hey, there are some workloads though that even though with the best intentions of automation, you still need a high judgment individual to be able to take some actions." But some of those, we've got individuals of different skillsets. You don't want to take a super high-skilled comp sci individual and then give them something that doesn't require the full usage of their skill, because that's not a good usage of that resource.
So, if you think about it, it's like resource management. Through having that discussion, we said, "Hey, we can leverage some of those things, building the capacity of our people to be able to operate across the domains." And then at the same time, freeing up some resources for my peers in the other side of the organization so that they could tackle the more ambiguous task.
In terms of the actual day-to-day stuff, we absolutely want to make sure that little simple things that we can do, like have a snack bar available. You'd be surprised that a lot of people who've worked in op centers before, I was like, it really, really is tough when-
Clarke Rodgers:
Pizza goes a long way.
Tom Avant:
Pizza goes a long way. Pizza, a couple of drinks, some chips. People are happy. I'm not saying that to be silly, but I mean really like-
Clarke Rodgers:
No, for sure. It's a real thing.
Tom Avant:
It's a real thing. You're on that ops center and sometimes you're so deep into what's going on, you look up and you've been handling a problem for four hours straight. You didn't even notice that, right? And you need to be able to have some fuel to keep you going.
We also make sure that people have an opportunity, like I said, to rotate roles so they know that, “Hey, here are the requirements to move into a different role.”
We do still have an on-call. On-call again is unavoidable when you're running a global system. But in a lot of places, we've been able to move to where we have that globalized system, where we do a handoff, another team picks up, and then we keep rolling.