Dr. Rebecca Wynn: Take The Time To Train Your Tools
Security automation speeds incident detection and response, and it leverages precious security personnel. However, implementing effective security automation is not as easy as simply buying and installing the right tools. Doing the extra work of building your own rule...
Don Welch: Security Automation Requires Different Skills
Analysts who have invested a lot of time in developing their skills sometimes resist tools that can do certain things better and faster. They need to recognize they can use these tools to become even more effective as analysts. Failing to automate security processes...
Bruce Philips: Security Automation Begins With A Process
Begin with a detection and response process, and then adopt the right tool that will help you automate the process. You can determine an appropriate level of security automation, but success comes down to understanding your capabilities, building your playbooks, and...
Brian Bobo: To Minimize Noise, You Need To Select The Right Tools
No matter how good the security is and how great the team is that manages it, they can never react as quickly as technology to malicious activity. One important criterion for any automated solution is whether the security team has the skills and time to tune it. If...
Juniper Networks: 7 Experts on Security Automation and Analytics
The book includes insights from the following experts: Brian Bobo, CISO, Sun Country Airlines, To Minimize Noise, You Need To Select The Right Tools >> Bruce Phillips, SVP & CISO, Williston Financial Group, Security Automation Begins With A Process...
Aaron Weller: The Best Security Metrics Are Actionable
Activity metrics are useful only to prove that you’re doing something, but they don’t show how effective that activity is. Everything that gets presented to the board has to have a clear link back to business value and business strategy. "If a metric changes and you...
Irene Corpuz: When Reporting Security Initiatives To Management, Keep It Simple
Reporting to a government agency is more complex than to a CEO or director, who typically prefer less technical analysis. Training and awareness among the team are just as important as compliance. "To some, they hate measures, but to people who understand why measures...
Daryl Flack: Foundational Metrics Help Build A Security Narrative
Metrics are useful tools for viewing a snapshot of security, but those metrics are meaningless unless a relevant and understandable narrative go with them. Achieving compliance doesn’t necessarily mean that your organization is secure. Communicating the intent of the...
Kyle Hastings: Communicating Security Requires Two Vocabularies
Ask the C-suite or the board what their top management concerns are to understand what the business’s risks are. Then you need to examine if they are comfortable with the risk levels in these top areas of concern. Making metrics meaningful to the CEO or the board...
Istvan Rabai: Security Metrics Are About People And Money
If you want the CEO to understand the importance of security investments, frame the message in a language he or she understands, by providing metrics, real-world examples, and monetary results. Educating both senior management and network users on the threats the...
