ESG's Jon Oltsik talks with P.J. Bihuniak of Theta-Point about SOAPA and Cybersecurity. This is part 1 of a 2-part series.
Read the related ESG Blog: SOAPA Video with ThetaPoint (Part 1)
Jon: I'm here with P.J. Bihuniak, COO of Theta-Point. Welcome.
P.J.: Thank you, Jon. Appreciate it.
Jon: And we're here to talk about SOAPA.
Jon: Now, you've been around security operations for a long time. What's changed? What's changed and brought us to this point where SOAPA's even something to talk about?
P.J.: Well, it's interesting. I think when I started in the industry I had hair, and nowadays when you look at what's transpired, not a lot. There are certainly new technologies, new innovations, but it's still a very reactionary industry. And so what we're seeing in market now is organizations that are still struggling with the same people and process issues like they always have, underutilized technology. And, you know, the cloud, quite frankly, has been extremely disruptive as the new way of conducting business, and more importantly as a way for these organizations to optimize the way they conduct security operations.
So whether it's outsourcing to a third party to do level one, level two analyst work or whether it's been an organization that looks to a low cost provider, maybe somewhere else in the world, you're seeing the shifting of the economics, but you're not necessarily seeing a lot of innovation as it relates to that.
Jon: Okay. And so how much of this is a technology issue, and how much of this is a process issue?
P.J.: I don't think you can have the conversation without them going hand in hand, right? It's a people, process, and technology issue. And so if you look at what's purported out there, we definitely have a cybersecurity skill challenge, no doubt. Technology, you know, if you look at the underutilized technology, again it was a reactionary approach. So, I've got acute pain, therefore I'm gonna go buy a piece of technology, and I'm only going to utilize 20% of it, without understanding what the other 80% could possibly do for me, and I don't necessarily have a cohesive strategy in how I'm going to integrate that into my entire security operation stack. And then you've got the wrong people or maybe they're not skilled people to actually operate and maintain these technologies, and that's where we get pulled into the operation to help them.
Jon: Yeah, the people are crying help. They have these things... And are they recognizing the fact that all these things really are better if they work together?
Jon: They're just missing the skills or the processes to do this?
Jon: Okay. We're seeing a tremendous amount more data being collected for security operations, and one of the complaints is I'm collecting all this data but I'm not getting value out of that. Are you seeing that as well?
P.J.: Absolutely. Yeah. And it's interesting, right? We look at the problem of data collection, and it is a problem, right, because in some cases you become culpable if you hang on to that data and don't do anything with it. Therefore, you should have knowledge around that. We tend to take a more top-down approach when we're working with our clients, so we'll ask the fundamental question, "What's the ultimate goal here? What are we trying to get out of this?" That will in turn drive a use case or a deliverable that will come from that data and that will help us whittle down to the data that needs to be collected.
I think there's been a shift in industry, perhaps from, you know, the cybersecurity vendors that are saying it's so easy to collect all this data, why wouldn't you do it, then you can go mine it, you know, post. Well, there is a cost and a risk associated with doing that, and they just don't have the people and processes to do anything with it anyway.
Jon: And how much of it is "I want the data for historical reasons," as you suggest, versus "I need the data real time to be able to contextualize it, correlate it, enrich it. If there's an issue, I wanna know everything about that issue."
P.J.: I think there's a shift towards that approach. I think there is also a perspective that I don't know who's ultimately gonna want this data, therefore I should collect it because perhaps it's gonna be a line of business that wants the access to this data or maybe it's IT operations that want access to this data. It's easy to collect, therefore I'll do it. I don't know necessarily who's gonna be the consumer of it downstream.
Jon: Yeah. We're seeing that too, is part of it is just defensive. If I need the data I wanna make sure I have the data.
Jon: Versus more proactive, really, what data will I need to collect? What's the most important data? What can I throw away after a certain amount of time?
Jon: Yeah. So, can you stick around for another part here?
P.J.: Of course I can.
Jon: Second part of the video?
P.J.: Love to.
Jon: Okay. Sounds good.
P.J.: Thank you.