Cyber Threat Intelligence Podcast: Maturing Security Operations
Jeremy Leasher, Axellio’s Security Solutions Architect, recently had a conversation with the podcast host Nick Thomas about information security in both defense and commercial enterprise security organizations. They were especially focused on the security skill shortage in many security organizations and how Axellio steps in to address this challenge.
Jeremy is a security professional with wide-ranging experience within the DoD and Commercial sectors. In addition to designing solutions for Axellio’s customers, Jeremy is also a Chief Warrant Officer Three (CW3) with the National Guard Defense Cyber Operations team, where his duties extend across operations, technical leadership, and training. Axellio provides security organizations in enterprise and defense with complete solutions for threat detection and response.
One topic in particular that Jeremy and Nick discussed at length was the increasing threat from nation-state threat actors impacting both business and national security. While those countries are training people in offensive cyberattacks from a young age, the US is faced with a significant skill shortage. We still lack a cohesive approach to the profession of a security analyst. Despite many certification programs being created by both defense and commercial institutions, Jeremy discusses the significant shortage of qualified security analysts.
According to a recent posting by the University of San Diego, 59% of survey respondents believe their companies are at moderate to extreme risk for cybersecurity attacks due to a severe cybersecurity talent shortage. With attacks and alert fatigue increasing and job resources in short supply, Jeremy discussed how security operations need to be more efficient and require more visibility into what is urgent versus what is important.
To compensate for the lack of qualified personnel, Jeremy described how security operations are becoming more technology and tool reliant, which actually makes the problem worse. With the average enterprise employing 45 or more security tools, security tool usage has become so complex that many companies now demand a long list of product-specific certifications from their applicants. This, however, drives an education that often lacks the technical understanding of networking, the protocol stack, and endpoint behavior. That understanding is essential when tools provide the data but not the answers for threat detection and response. It is critical for security operations teams to close this gap to mature their incident response and reduce security risk.
Jeremy also talks about Axellio's Threat Hunting Education course, currently under development. This two-day, hands-on course is a tool-agnostic seminar to address the above challenges. Initially offered free of charge, the course aims to teach security professionals about the importance of threat hunting, how to properly prepare, and the necessary tools and processes for fast decision making based on solid data. Listeners of the InfoSecSync Podcast will get preferred access to the initial course, which is scheduled to be available by May 2021.