Making Security Operations Scale

As cyber threats continue to escalate, organizations and governments alike are facing the most critical workforce shortage of our time. The current number of experienced cybersecurity professionals is not nearly enough to satisfy the insatiable hiring demands required to keep our societies safe. We are woefully short-handed in defending against increasingly sophisticated threats. To meet this increasing pressure, we need to rethink our approach to scaling security. To start, information security teams should focus on replacing workflows oriented around reviews, approvals, and manual security incident response with workflows oriented around automation and monitoring – to whatever extent that’s possible. According to Google’s Site Reliability Engineering (SRE) culture, security operations teams should aim to split their time 50/50 between engineering and manual processes. This new approach to security is referred to as SecOps.