Scaling Security Operations
SEP2 has had huge growth within the last couple of years. As the number of employees fast approaches triple digits, with the majority of these working on the technical side of the business, I wanted to reflect on how we have grown and scaled — in what SEP2 believes is the right way.
Despite increased cyber security attention and budgeting, many organisations struggle to maintain 24/7 Security Operation Centre (SOC) services, leaving them vulnerable to threats at any time. The need for ‘always-on’ and ‘always-protected’ services is crucial, given the unpredictable nature of cyber threats. Rapid response, even during off-hours, is vital, as incidents may go undetected. Without a functional 24/7 SOC, organisations risk significant delays in identifying and addressing cyber threats in the ever-evolving digital landscape.
However, building Security Operations at scale is both difficult and expensive. The traditional security operations approach is outdated, ineffective and struggles to keep pace due to its manual and reactive nature. This is where SEP2 add value: our business is Cyber Security and providing Security Operations is what we do. We have dedicated the past few years to developing and scaling our SOC service, making it the best in class.
SEP2 took a unique and revolutionary approach to constructing Security Operations, and in recent years, these concepts have evolved, harmonised, and synergised with Google’s Autonomic Security Operations (ASO). These tools and practices aid organisations in automating and scaling Security Operations processes, enhancing security posture, cutting costs, and boosting overall program efficiency.
ASO is based on four key components, but more importantly a commitment to drive a 10x improvement across these areas:
- People: Empowering security analysts to focus on the most important tasks and to be more productive and satisfied in their roles.
- Process: Helping organisations to optimise their Security Operations processes, improve the overall security posture of their organisation and increasing analysts’ productivity and effectiveness.
- Technology: Utilising the right products and services that are designed to help organisations automate and scale their Security Operations.
- Influence: Focused on helping organisations to change the way they think about security, by adopting a more proactive and risk-based approach.
As a ‘Tech Driven, People Powered’ organisation, investing in people is the most important thing the business does. SEP2 values empowerment, growth, accountability, and trust at all career levels. We seek talent with diverse backgrounds beyond traditional cyber security careers, encouraging critical thinking and innovative problem-solving. The evolving landscape of cyber security offers a range of specialisms, fostering varied perspectives, innovative thinking, and cognitive diversity—qualities we value in potential employees.
At SEP2, we’ve eliminated the traditional Tier 1, Tier 2, and Tier 3 structure in our teams, focusing instead on task-oriented disciplines to optimise efficiency. By allowing team members to specialise in areas of expertise and interest, we enhance collaboration, mutual support, and overall productivity. Incorporating ASO principles guides the strategic allocation of analysts, engineers, consultants, developers, and managers based on coverage, time allocation, and necessary upskilling. This process-driven approach minimises the impact of technical backgrounds, facilitates adaptability to changing technology, and streamlines the process of upskilling, leading to a more diverse and well-rounded understanding of the client environments supported by SEP2.
SEP2 adopts a proactive and dynamic stance toward ‘People,’ recognising their direct influence on Security Operations. This encompasses aspects such as succession planning, learning and development, team productivity, culture, and employee satisfaction—each element contributing to the overall quality of service.
SEP2 addresses the Cyber Security skills gap by not only increasing the workforce but also promoting diversity within the sector. Alongside active recruitment, apprenticeships, and training, SEP2 initiated a Cyber Schools programme, a one-day event providing 15–16-year-olds a glimpse into the Cyber Security world. Originating from a focus group, specifically Women in SEP2, this initiative aims to attract individuals, especially women and those from lower socio-economic backgrounds, to the field. The programme includes sessions on Red Team, Blue Team, and showcasing the 24/7 SOC in action. SEP2’s commitment has resulted in two successful events with plans for more, indicating a high demand for talent and the need for businesses to address the skills gap responsibly.
Given the evolving threat landscape and increased alerts, SEP2 emphasises the importance of developing a new approach to optimise processes. Instead of merely accelerating outdated security processes, the focus is on automation to handle routine SOC tasks efficiently. Tasks that once took minutes or hours for humans can now be completed by machines in seconds. SEP2 embraces an automation-first strategy, saving analysts significant time— if a task takes 10 minutes a day, every day, then removing this task would save 40 hours a year. This commitment extends beyond security operations to encompass business operations, ensuring efficiency in Sales, Marketing, Finance, Human Resources, and technical tasks. This approach enhances productivity, allowing individuals to excel in their roles rather than being bogged down by repetitive tasks.
Navigating the minefield of Cyber Security technology, where solutions often claim to be a silver bullet, requires strategic use for a substantial impact on security posture. SEP2 avoids closed-box products, prioritising adjacencies and integrations between solutions to prevent bottlenecks and monolithic thinking.
As with our process-driven approach to People, the SOC optimises workflows through integrated tooling, minimising re-training efforts. The SOC adopts a microservices mindset, engineering use cases with a stack of technologies for flexible outcomes and ensuring deep semantic awareness of adjacencies. Complete visibility is crucial for effective Security Operations, demanding scalable, cost-effective technology with rapid response capabilities. Closed-box solutions hinder effective correlation and limit scalability. Bringing all security data into one place enables powerful correlation, pattern detection, and visualisation, enhancing analysts’ ability to detect suspicious activity amid the complexities of big data. Automated detection systems and threat hunting tasks further flag potential threats.
Cyber Security no longer needs to be limited by technology when you build a strategy and look to create an ecosystem rather than single isolated solutions.
The SOC can only truly be transformative if it also has strong influence over the upstream elements of the security lifecycle. For SEP2 this is about changing attitudes to security practices and operations, building from the foundations and making sure that security is considered by everyone in the organisation all the way to the board.
We have adopted practices like Zero trust, requiring verification for network access both internally and externally. This heightened security layer effectively prevents data breaches. We acknowledge that security issues will occur, but prioritise learning and improvement, fostering a culture of openness and honesty instead of fear. This approach significantly benefits the organisation and encourages engagement from all employees.
Scaling Security Operations is something that is constantly evolving within SEP2. We want to change the paradigm of Cyber Security, and work with our customers and partners collaboratively to make sure they are protected and secure at all times.
If anything within this article is of interest or you are looking to start or improve your Security Operations, then we would love to speak to you about how SEP2 might help and become a trusted advisor to your organisation. Get in touch.