Ariel Weintraub sees intelligence, agility, and a more robust talent pipeline as key components of a strong cybersecurity program.

And as head of enterprise cybersecurity at MassMutual, an insurance and financial services firm, she has a plan on how to bring those pieces together to deliver for her organization.

In fact, Weintraub has already brought on new analytics capabilities, beefed up the company’s security operations center, and expanded its talent programs—all in an effort to achieve and sustain her objectives.

“We exist to support the business, so we have to understand the systems we’re protecting and what the business risks are, we have to understand the company’s priorities, and we have to have a way to quickly test against controls,” she says.

Weintraub moved into MassMutual’s top security role in February 2021, after working for 18 months as the company’s head of security operations and engineering.

As such, she already had a solid grasp on the organization and a clear vision of what she wanted to achieve as she took on CISO responsibilities with her promotion to the executive spot.

Building up in-house analytics, security operations

Weintraub acknowledges that MassMutual had some of her priority components in place before she became head of enterprise cybersecurity. But she saw a need to strengthen and mature her team’s capabilities on all those fronts to keep up with the ever-evolving and increasingly sophisticated threat landscape.

Weintraub says that reality is driving her initiatives.

One initiative is to bring more intelligence into the security function.

The company, she explains, had implemented a commercial user behavior analytics (UBA) tool before she took over security.
It demonstrated the value of using analytics in cybersecurity, she says, but it also showed her the need to have algorithms more finely tuned to MassMutual’s own environment.

“It validated that we needed to do it on our own,” she says.

So she leveraged the company’s existing data science team to write the algorithms for its own proprietary UBA platform, one that Weintraub expected could better evaluate MassMutual’s own environment and its unique traffic patterns to differentiate normal from suspicious.

“We have a lot of complexity in our organization, and I believed with our internal resources we could build something more specific to our environment,” she says, explaining that as a large 170-year-old company it has a mix of on-premises and cloud resources as well as a significant number of processes to secure.

Weintraub saw another benefit in building a custom UBA platform: increased agility and quicker responses to evolving threat intelligence data.

“I have a red team, an offensive team, that’s constantly testing our controls. And they sit next to the team building the UBA platform, so they can make sure the UBA can catch their activities and adjust [to threats] in real time. We literally tune the tool while we do the testing and in real time can tweak the models. We can tweak to either a known use case or tweak for a new threat actor technique,” she says.

The in-house tool lets her team handle even large changes more quickly than commercial options, she adds, pointing out that her organization uses agile software development processes and works in sprints to ensure rapid delivery.

“It all makes us very agile,” she says.

Meanwhile, she says the intelligence within the tool further enables her and her team to better keep pace with the speed at which threat actors evolve tactics.
As she points out: “Humans can’t keep up with the changes in techniques as fast as AI and machine learning models can.”

Expanding agility and strength

Weintraub is building agility and strength in other areas of her security department, too.

For example, she’s bringing more speed to risk re-prioritization, which had traditionally been done through a quarterly process that recertifies what the company considers its top risks.

“Threats may change quickly. And we recognize that we may need to more frequently reprioritize what our risks are, so if something new comes up, we can focus our time to adding new controls,” she says.

Key to this, she further explains, is using the NIST Cybersecurity Framework, the MITRE ATT&CK Framework and a risk register (which she implemented).

Additionally, Weintraub has focused on evolving the company’s security operations center.

MassMutual had used a managed service provider for 24/7 monitoring with only a small in-house SOC team to handle escalated incidents.

Weintraub, however, said she believed an in-house team that knew the company and what normal vs. suspicious looked like (thanks in part to using its own UBA platform as well as its use of a commercial SIEM tool) would be more effective in identifying potential troubles.

As a result she now has a follow-the-sun operations center with locations in the United States, India, and Romania.

Weintraub said the SOC’s use of data, particularly within the UBA platform, and automation means she didn’t have to hire an army to staff the center to be highly effective.

“If you create a baseline of service accounts, then you know what’s normal,” she says.

The way Weintraub sees it, an in-house SOC team equipped with analytics models customized to its own IT environment and its own traffic patterns can better detect not only a compromise but also post-compromise lateral movements that are often hard to identify.

That capability, she says, makes it more likely that her company could detect even a zero-day attack.

“I don’t think MSPs have the context that someone working internally has,” she adds.
“There are so many nuances, and if you don’t understand the business processes, the architecture, the context, you can either over-escalate incidents or miss the true events.”

Creating a talent strategy

Although Weintraub’s evolution of the SOC aligns with her goals of increased agility, intelligence, and responsiveness, she says she also saw the move to an in-house SOC as a way to address staffing issues.

“We recognized when I joined that we had a talent shortage and that we wanted to grow our team,” she says, noting that her company—like many others—saw burnout among SOC staffers.

To address both problems, Weintraub says she decided to use her SOC as a talent pipeline.

“For companies that build out their own SOC, you’re going to have more effective response and a great set of talent that can be leveraged for other purposes,” she says.

She hires people into the SOC where they can develop skills and experience and then move up into other areas of the organization.

And she looks to non-traditional areas, such as workers without computer or security degrees, to fill the SOC roles. That helps get around the market shortage of experienced security professionals and bolster diversity among her team.

She also looks for candidates with intellectual curiosity, knowing that she can teach them the technology and cybersecurity skills needed to do the work.
(“It doesn’t work every time, but it works out most times,” she says.)

Additionally, Weintraub created a new rotation program for summer interns who are hired as full-time employees.

The two-year program, which starts with its first class late this spring, will have the new hires work in three different positions for eight months each so they develop more skills, and thus, agility, and so they gain a greater view of the security profession and the company’s own operations.

Weintraub says the program fits well with her overall focus on professional development and diversity, saying both help bring needed skills, new thinking, and a variety of perspectives to the complex challenges facing security teams today.