



How sharing success can translate infosec into exec

Mar 13, 2018 | 4 mins
Data and Information Security, Technology Industry

For security to grow into this new role across the industry, analysts need to work with one another to celebrate their successes, provide key learnings on tying security advancements to key business functions and ensure that the entire security community grows stronger.


The simple truth is, security is changing. Whether it’s new data and privacy regulations, a host of new potential vulnerabilities brought on by the Internet of Things, or an enhanced sense of vulnerability at the onset of automated security tools, security experts are learning that the past model for doing business just isn’t going to cut it. In order to effectively protect their organizations’ data, security teams need to be more proactive in sharing their successes and actively collaborating with their peers to help move the entire security industry forward.

Security teams tend to have a difficult time speaking to all of the things they did well. This is for a variety of reasons, but mostly because, when security is done correctly, there’s an assumption that other business teams shouldn’t notice it at all. This shouldn’t be the case. Security teams should be encouraged not just by their own leadership, but also by the executive team, to share successes, as they become a larger enabler of the business. As security grows into a central focus for a business, a big part of that “enablement” role depends upon security teams having a seat at the executive table and helping decide which new technologies offer enough business benefits when weighed against any potential security vulnerabilities.

Stop trying to prove a negative

Leaders in the Security Operations Center (SOC) have had to transition from a mindset of “keeping the lights on” to helping guide their organization’s agenda. How? By focusing the majority of their efforts on protecting the most vital and risk-prone aspects of their organization. Let’s take a closer look at an online retailer as an example.

Due to the nature of their business, online retailers have an existential imperative to focus on monitoring and protecting their website, customer and transactional data, all to ensure their continued existence. In order to establish security as a core strength for their business, the online retailer’s security team should focus on sharing all of the new and established initiatives to ensure the integrity of that data.

Find a place to drop anchor

Having an established or anchored principle that drives a SOC team forward can help it not only establish an identity, but also share its success across an organization. One guiding principle for a lot of companies I talk to is detection over prevention. For example, let’s revisit the online retailers. By their very nature, retailers have a wide range of internet-facing properties that can be potential vectors for attack. A successful security team using a vulnerability management approach centered on detection would be able to mitigate risk by building a program that quickly identifies, remediates and resolves known vulnerabilities in those properties. By focusing the SOC’s resources on a specific area that is both critical to the business and a key security concern, the security team can readily highlight its performance and the positive impact it has on the business.

Security is a team sport

Finally, once a security team has successfully redefined its role as central to the future of its company, it needs to share that path to success with its peers. Security is a team sport. By fostering a community that isn’t just transparent but also proud of its success, security teams can more actively collaborate on building more effective protocols, identifying new threats and establishing new methods for addressing shifting security standards. At the same time, security teams can turn around and use the success of their peers as a blueprint for how they can expand security’s role at their business.

Sharing these successes doesn’t have to involve hosting a keynote at a conference or creating a blog post detailing the process – although those might certainly help. This process can be as simple as a frank conversation between team members in the organization, or an outward-facing conversation with friends or other analysts seeking advice online.

As the security industry continues to evolve, it’s never been more important for security teams to redefine “business as usual”. To effectively secure its organization, the SOC will need to proactively insert itself at the heart of the business and ensure that the security impact of any new technology or process is considered at the beginning of development. For security to grow into this new role across the industry, analysts need to work with one another to celebrate their successes, provide key learnings on tying security advancements to key business functions and ensure that the entire security community grows stronger. Keep an eye on the shift and increase in trust as security teams move from being a reactive part of an organization to being a proactive and integral part of a company’s infrastructure.


Monzy Merza serves as the head of security research at Splunk. With over 15 years of cybersecurity leadership in government and commercial organizations, Monzy is responsible for helping advise and implement strategic security programs for Splunk’s cybersecurity customers, working hand-in-hand with executives across the Fortune 500 to develop modern security architectures.

Monzy is also responsible for leading the Splunk Cyber Research team, which arms Splunk customers with actionable threat intelligence to combat advanced threats.

A noted international speaker, Monzy frequently presents at government and industry events on topics such as nation state threat defense and machine learning. His current security research is focused on integrated approaches to human-driven and automated responses to targeted cyber attacks.

The opinions expressed in this blog are those of Monzy Merza and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.