Security Operations Centers tend to encompass a 'Jack of all trades, Master none' type of setup. Security Analysts are required to learn different skills and procedures on-the-fly to meet expectations from other teams throughout the organization. This results in SOC's over promising and under delivering when the rubber meets the road. Security Operations needs to be broken out similarly to that of traditional IT teams. With each team encompassing different level of analysts specializing in skills and technologies. During this presentation I will be discussing current team (SOC and IT) layouts, why it's not working, and how Security Operations should be broken out. This presentation will also touch on ensuring teams also maintain the true Purple Team concept (mesh of blue team and red team players). Security teams are spread too thin within the organization and a shift must occur to ensure security is properly delivered.

Bio: Tom Gorup was an Infantry squad leader in the U.S. Army serving in Iraq and Afghanistan where he received the Purple Heart. After the Army, Tom joined Rook Security as a security analyst and quickly progressed to his current position of SECOPs Manager. In this role, Tom oversees the monitoring, scanning, and incident response for hundreds of enterprise-level companies. Additionally, Tom has spearheaded the transition into 24x7 operations and incorporated ITIL best practices. Tom also worked on the development of multiple proprietary threat intelligence tools. Tom is GCIA certified as well as a participant in the GIAC mentor program and a member of the GIAC Advisory Board.

Back to Circle City Con 2015 Videos list