PJ Bihuniak, COO of ThetaPoint, has a wealth of experience and knowledge in security operations, going back to his time at ArcSight. PJ is still active in this area, as ThetaPoint specializes in professional and managed services for security operations. It was great having him participate in the ESG SOAPA video series.
In part 2 of our video, PJ and I discussed:
- The role of SIEM in SOAPA. PJ describes SIEM as a data collector and correlator but believes that SIEM still needs to be connected to a broader security operations architecture, a la SOAPA. For example, ThetaPoint often builds a SOAPA-like architecture for its customers using Apache Kafka, an open-source stream processing platform that is used as a unified, high-throughput, low-latency platform for handling real-time data feeds.
- The impact of the cybersecurity skills shortage on security operations. I mentioned to PJ that ESG has been following this trend for many years and that I believe that the cybersecurity skills shortage represents an existential threat to all our data and national security. PJ agreed that his customers are struggling with the growing workload and that the cybersecurity staff can’t always keep up. PJ believes that organizations must have a high-level plan, architecture, and list of security operations objectives from the start. With these plans in place, they can then determine whether they have adequate resources and, if not, what help they will need.
- The need for SOAPA. At its core, SOAPA is a set of technologies (e.g., data standards, standard APIs, standard transports, and common middleware) to connect disparate security operations technologies. According to PJ, something like SOAPA is really a necessity since large organizations have a multi-vendor security operations infrastructure today and will continue to have this heterogeneous infrastructure in the future. SOAPA has the potential to act as the glue here.
Many thanks to PJ and ThetaPoint for adding to the SOAPA conversation. Look for more videos coming soon!