People First, Automation Second: Unlock the Real Value of Your SOC

Automation is an incredibly important tool for optimizing security operations – but it’s not a cure-all for fixing broken systems and processes. 

Business leaders and successful investors have long praised the value of a positive, productive workplace culture. Time and time again, investing in people has proven itself an excellent strategy for enhancing the performance and profitability of an organization. Many of today’s top companies owe their success to this approach. 

The same is true of managing individual business units in an organization, and information security is no different.  

Advanced technology is only as productive as the talent that drives it forward. 

This is especially true when it comes to automation. Traditional information security workflows are full of time-consuming manual tasks. It doesn’t take long for these tasks to accumulate into a considerable backlog that bottlenecks security responsiveness and productivity.

Properly configured automation technology streamlines these workflows, enabling security analysts to do more with less. 

However, there are two sides to this coin – improperly configured automation tools can amplify mistakes, too. A highly automated security workflow can quickly turn one mistake into hundreds or more. Organizations reduce their exposure to this kind of risk by investing in security expertise and culture. 

How the People-First Approach Works in Information Security 

Security operations workflows – even highly automated ones – are stressful, high-stakes endeavors that leave employees prone to burnout. For an SOC to consistently deliver high-quality results, its leaders must address the risk of fatigue and offer significant support to team members across the process chain. 

Three of the best ways security operations leaders can do this include: 

  • Rotating responsibilities between team members 
  • Establishing an open-door feedback policy 
  • Promoting cross-training opportunities

Each one of these steps provides vital context and experience that informs the decision-making process that goes on behind advanced technology and security automation initiatives. 

We’ve asked our SOC Manager, Kyle George, to provide feedback on each of these initiatives and describe how they’re reflected in Castra’s operational strategy. 

1. Rotate Responsibilities Between Team Members 

Repetitiveness is one of the key factors contributing to workplace fatigue. Monotonous work is one of the biggest contributors to burnout, putting workers at higher risk of everything from turnover to alcoholism and gambling. Reducing repetitive work is also one of the primary benefits of security workflow automation.

However, there is no guarantee that configuring automated security workflows is any less monotonous.

The best way to keep security team members engaged is to regularly present them with new challenges that provide valuable insight into overall security strategy and posture. This can help broaden the knowledge that security professionals bring to their work and give that work an additional layer of meaning. 

How does Castra provide new challenges to our SOC? 

Kyle: We offer tasks and opportunities of varying difficulty to every person on the team. Individuals from every Tier of the SOC are encouraged to take the opportunities that interest them, whether they have the skill set to complete that task or not. 

This makes them accountable for the completion but may require them to learn a new skill or seek help from another team member. Choosing their own tasks allows the team members to keep it “novel” and develop their own “flow.”

The goal for our team is to spread out the normal repetitive work while also sharing in the tasks that are more challenging. This ensures high-impact tasks stay in the right hands without denying anyone the opportunity for excitement. 

2. Establish an Open-Door Feedback Policy 

Security policies must be followed to be effective. Security employees are often the first line of defense against non-compliance throughout the enterprise, and their feedback is incredibly important. If the security team has issues with the usability of a security product, it’s likely that other departments do too. 

Optimizing your security posture is an ongoing process, and it requires a great deal of feedback from every level of the organization. Security personnel should feel empowered to give feedback on security policies and leadership decisions. Leaders should feel obliged to calibrate their leadership style to meet the needs of the team. 

How do we empower our team to share their feedback on security policies? 

Kyle: One way that we help to empower our team to give feedback is by having team-wide discussion sessions. We have two open forum sessions and two team-review sessions per week. These sessions allow the team to bring any questions or concerns they have for discussion among their coworkers, managers, and others. 

Our open forum sessions are just that, open to any topic. Most of the time, this includes healthy feedback on current security policies and proposed changes. Leadership values this insight and uses it to continually improve performance and quality moving forward.  

Another way we like to encourage feedback among the team is something we call a “Two-Person Challenge”. Whenever someone is performing a task that would impact the performance of our team, our customers, or the tools we use, they submit a “Two-Person Challenge” to the team.  

This alerts the team that at least a second person is required to approve the task before it can be completed. These challenges allow everyone on the team to see what is being done and submit their feedback in real-time. 

3. Promote Cross-Training Opportunities

In the modern enterprise, every role is a cybersecurity role. There is no clear division between the information security department and every other business unit – because every team member works by receiving, processing, and communicating information. The more security team members know about how the organization works, the better equipped they are to protect and secure those workflows. 

Spending an entire career configuring DNS policies won’t provide a great deal of insight into what an organization’s real-world risk profile looks like. Not on its own, at least. Those policies respond to real-world events happening in sales, marketing, or R&D, and security personnel need to know about those events in order to build automated solutions that truly meet the organization’s security needs. 

Deploy Security Automation with Castra Expertise 

Kyle: As a Tier-2 in the Castra SOC, I enjoyed the amount of knowledge I was able to absorb and the autonomy to decide when and how I would perform my duties. As the SOC Manager, and with the full support of our co-founders, I enjoy being able to implement changes like a 4-day work week. Our team works hard, and we do our best to make sure they have time to play hard. 

Castra is more than its technology. Our people-oriented approach builds on technological enablement to provide security staff with the opportunities they need to truly excel. By putting automation, incident investigation, and tech deployment in the capable hands of experienced analysts, we do our part to strengthen our customers’ security posture.

Speak to a Castra expert now and find out how our team can transform your organization’s security capabilities.