IBM Security Global Forum


Do You Have What it Takes to be a Global SOC Leader?

By JASON FINLAYSON posted Mon February 13, 2023 11:28 AM

  

A Security Operations Centre (SOC) can be a complex beast in today’s world – ever-expanding data points, technological complexity, wave after wave of new vulnerabilities, geographically dispersed users, remote-working analysts, regulators, auditors, bug hunters, supply chain breaches … more so if you happen to be in a big-brand global environment with a target on your back; then add in multiple regions and time-zones, multiple operating companies, a myriad of (oftentimes unknown) architectures … and it can sometimes feel as if every nation-state actor and organised criminal adversary is targeting you personally! Who would want to be responsible for that?

Much has been written about the importance of people and culture within the SOC, and about various strategies for harnessing the immense power of available technology (such as XDR, SIEM, ASM, etc.) and security methodology (Zero-Trust, for example), let alone future innovation, so today I’m going to talk about you. You, who want to be the Global SOC Leader, Chief Defence Czar, Head of Cyber Operations – do you have what it takes?

Key Attributes for the Emerging Global Operations Leader

What do we look for in our emerging future operations talent pool? Granted, core competency in one’s chosen area of expertise is fundamental: it allows a person to excel individually and as part of a team before they allow themselves the confidence, time or luxury to pursue wider development – such as learning what other people in the SOC do, maturing their own personal attributes, and practicing their leadership skills.

Emotional intelligence, communication and experience are key, of course, but what are some of the attributes that underpin the better-known cyber, management or leadership skills? What will help you absorb the pressure and, indeed, thrive at the sharp end of cyber defence?

Under-rated Behaviours

1. Curiosity. This has long been known amongst the intelligence and analyst tribes and is fundamental to the art of hacking. The curious person is naturally inquisitive and intrigued by what makes something tick; they are unsettled if they don’t know why something has happened or what has caused it, and they wonder whether it will happen again. They will ask questions, pursue the vendors, and dig deep into their vulnerability mitigation proposals. If you need to assure yourself rather than take for granted what some ‘expert’ tells you, you’re getting to the right mindset.

2. Challenge. This is super-hard to do right, all the time. A challenge can be loaded with potential nuance, from superiority complex to passive-aggressive tension, and it needs to be received in the right way as well. But challenge in the right ‘safe’ environment is key to getting everyone involved and everyone thinking again (and again) about a mitigation or response proposal, an idea, an accepted way of doing things. There are typically multiple ways of mitigating a recently discovered incursion, but what is the best way (or least harmful/risk-managed way) for the organisation, at that time? It may not be the way you’ve tackled it before. Challenge is an extension of curiosity, and a precursor to innovation.

3. Listening. This is something not everyone will highlight, but I rate this behaviour, and more often than not you will need to practice it. I’m not talking about paying attention in yet another Teams meeting, but about ensuring you really allow the various elements of your team to speak up and be heard, allow the curious to ask questions, and encourage the challenge, so that you as the leader can make not just an informed decision, but a decision the team respects.

I recently made a call that went against the specific recommendation of both my 3rd-party Incident Response support and my internal CERT. It was a tough decision that was made in a time-pressured situation; however, the feedback I received later was “thanks for listening, we respect your decision and we’ll go all out in supporting it”.

Resilience

Bringing this all together is great and if you’ve the relevant cyber ops experience and demonstrate the above traits then you’re probably already in a SOC leadership position. You’re practicing your HR management skills, honing your Project Management techniques, refining your written and verbal communication abilities, learning more about the wider business that helps you understand context, strategy and ‘the big picture’ – whilst curating your SOC teams and continually improving your ops metrics.

Is that enough then, to step up and thrive in a global ‘Head of’ position? It can be overwhelming for the first timer. And as you know in Operations, it doesn’t cease. 24/7. Even if you go on leave and you know you’ve got a great team handling things, the responsibility is still yours and it’s hard to let that niggle go in the back of your mind.

As a member of the Senior Executive you will also be expected to contribute to, own and add value to a variety of business areas that arguably may not be your core skill. These may range from geo-diverse rotational audits, multi-geo budget management and global budget process, to participation in global strategic development and initiatives, speaking requirements, and culture and development activities – plus, of course, you still have your own Operations and People to manage, nurture and be fully responsible for.

All of this takes time, and time that you don’t have. A full calendar with back-to-back meetings scheduled for the next 3 weeks is demoralising. Which brings us to the core attribute that ties it all together, and that I have found is demonstrated by long-lasting successful global leaders in all industries – Resilience.

The simple ability to keep going.

Having the faith that you can fall back on everything you’ve experienced and learnt up to now, that you’re doing the right things, that you’re supported by (hopefully) a great team on the same mission as you. And that you know where and when to get help when you need it.

It’s the single most referenced piece of advice I received in one of my hand-overs, and one I keep pinned to my notice board: “Keep going. It’s hard, and it won’t stop. Keep going.”

You’ve got the experience, skills and the ambition. Now, do you have what it takes to be a Global SOC Leader?
