In the ESG SOAPA video series, we’ve spoken with leading security analytics and operations technology vendors like IBM, ServiceNow, Splunk, and many others. In this video, I wander outside of security operations technology and interview an old colleague of mine, PJ Bihuniak, COO of ThetaPoint.
Never heard of ThetaPoint? The company provides professional and managed security operations services to large global companies, so it has a wealth of experience in the SOAPA domain. As for PJ, he spent many years with security operations pioneer ArcSight and knows this space like the back of his hand.
In part 1 of our video, I ask PJ:
- Why is SOAPA relevant today? PJ responds that requirements are changing rapidly, driven by factors outside of cybersecurity like the growth in cloud computing. This transformation brings an unprecedented degree of scale, and many organizations simply can’t keep up with a security operations environment highlighted by underutilized technology and broken processes.
- Are there consistent security operations issues amongst enterprise organizations? PJ talks about common problems like the cybersecurity skills shortage but reminds me that security operations was always managed in a reactionary fashion as organizations purchased and deployed new technologies to detect and respond to new threats. As a result, security operations today tend to lack end-to-end coordination across people, processes, and technology. Unfortunately, this means that there is a wide variety of issues from organization to organization.
- What’s with the growth of security data? The foundation of SOAPA is data and many organizations are collecting, processing, and analyzing more and more data for security operations. This can lead to a situation where CISOs are spending a lot of money and collecting terabytes of data but still struggling to get value out of these data assets. PJ said that he sees the same pattern because security data collection is often done with no specific objective but rather as a safety net in case the data is ever needed for any purpose. ThetaPoint tries to guide customers toward a particular use case first. In other words, PJ works with CISOs to start with an objective and then determine what data to collect and analyze to achieve this goal.
In part 2, we go on to talk about the role of SIEM and the future of SOAPA. Many thanks to PJ and ThetaPoint for participating in the ESG SOAPA video series!