AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
Search in comments
Filter by Custom Post Type
Posts

A year in the life of a SecOps Director

by

In this blog we introduce you to Sam, a hard-working Security Operations Director who faces challenges and ultimate successes when he is introduced to AlgoSec

 

Meet Sam. He’s a Security Operations Director who manages a group of firewall administrators. Every day, Sam and his team get requests from the company’s application delivery team and they work hard to respond and keep up with the rapid pace of change. For years things had run smoothly, but as the business continues to evolve and grow, the pressure on Sam and his team is only increasing. It’s now at the point where things are starting to slow down, and people are complaining that Sam’s team is holding the business back.

This dilemma is one that many of you reading this might be able to relate to. What should Sam do next? What are his options? Throw money at the problem? Try to hire more staff and grow his team? Let’s continue along Sam’s path and see what he does next.

Under pressure, Sam does what any Security Operations Director would do in his shoes and tries to get more hands-on deck. He approaches the company’s CFO to discuss bringing in several new team members, but after a fairly slow quarter, he struggles to get approval. After several months struggling to keep the ship afloat, he finally gets the nod to hire five new colleagues. This could be the gamechanger he’s been waiting for. He sets about looking for candidates, but quickly realizes that experienced talent in his sector is extremely hard to find. It’s a candidate’s market out there, and he’s on a tight budget. Sam settles for a group of five talented graduates – what they lacked in experience they’d make up for with intelligence, drive and ambition. They might not know the network yet, but they’ll get there – right?

Several weeks in and Sam’s graduates are working hard, but Leah, his number one, is constantly putting out fires and working overtime to teach the new recruits what they need to know. Her job has gotten ten times more difficult and, as a result, she hands in her notice. Leah’s gone, along with all of her expert knowledge.

Sam is now in a difficult situation. Yes, he has a larger team and more resource, but in the process, he’s lost his best employee and he’s got several inexperienced members of staff on the payroll. He’s inadvertently created more work for himself and his original team. Let’s skip forward a few months…

Seemingly out of the blue, the application development team has started using DevOps in the cloud and their number of submitted requests has skyrocketed. Not only that, but they’re asking Sam for faster turnarounds and they want him to assume responsibility for securing the applications residing in AWS and Azure. Sam’s not aware of what’s in the cloud or what’s going on, so how can he be tasked with keeping it secure? He thinks about the other responsibilities he has, like managing dozens of firewall vendors on the on-prem data center using multiple management consoles and wonders how on earth he’s going to add cloud security controls into the mix!

Sam takes it on the chin and informs his team, but he’s really feeling the pressure. He’s working longer hours than he ever has before and last week he missed his daughter’s birthday when he had to deal with an outage caused by his inexperienced team. How could they not know that a firewall change they made would break a critical business process? Because Sam hadn’t had the time or resources to properly train them, that’s how.

A few weeks later, Sam’s company appoints a new CISO. He’s thrilled at the idea that this might change things in his department for the better, increasing resources or spreading the workload to make things more efficient. He listens eagerly to the CISOs plan and is filled with dismay when he hears that the CISO wants changes to firewalls to completed in “the time it takes to order a pizza”.

What’s Sam to do? He’s lost his best member of staff and worked hard to get his relatively non-experienced team to a level where they could complete a change request in 5 days as opposed to 21 days, which wasn’t easy. Now he’s being asked to make those changes in less than an hour. What’s more, he’s being bombarded with inquiries from project managers and application developers about connectivity paths and related firewall policies affecting business continuity and performance. Things aren’t looking good for Sam and his team…

Sam catches up with an old friend and colleague over lunch and shares his frustration. Sam’s friend listens intently before saying: “I’ve been there! That was me a year ago! I know exactly what you need to do…”

Sam’s friend explained how he’d been using a platform that has flexible API integration with firewalls, routers, and load balancers in the cloud and on-premise from AlgoSec. The intelligent Network Security Policy Management (NSPM) solution, which also integrates with organizational and cybersecurity systems to enable business-driven security management, would keep the new CISO and application development teams happy.

Sam learned that this new solution could intelligently translate business requirements in technical terms, ensuring they complied with security protocols before being pushed to the firewalls and routers on-premise at zero-touch. Forget the time it takes to order a pizza – this new solution will be able to handle change requests in the time it takes to make coffee!

Nearly two months on and Sam has implemented the solution, and things are better than they’ve ever been. He’s even introduced a self-service chatbot that application delivery teams can use via their desktop or smartphone instead of calling Sam’s team for every inquiry. Sam and his team are happy and productive and seen as business catalysts and enablers rather than barriers to progress. Whatever pace the business wanted to move at, Sam’s department is right there alongside it, paving the way safely and securely.

Sam’s story is one we hear a lot at AlgoSec. In fact, solving Sam’s problems is the main reason AlgoSec exists. It’s not just about improving security, agility, visibility and compliance – essential though these things are. It’s about allowing busy people like Sam to spend time with those he loves and focusing on the things that really matter.

If you found Sam’s story oh-so-familiar, we’re here to help. Let’s talk!

Subscribe to Blog

Receive notifications of new posts by email.