Learn from Past Mistakes
When something goes wrong, an important alert is missed, or an incident occurs, ReliaQuest's Murphy advises recording the details. "When something happens or there's a technical challenge, it's taking the time as a team to write down what happened," he explains. "It's an easy way to show people how things behave in the environment."
As you configure your systems and get a handle on alerts, it's helpful for current and future employees to measure success and improvement over time, Murphy says. Case studies can accurately portray how data flows throughout the business and how the team solves problems.
Security operations is a proactive process, Vectra's Morales explains, and the answer comes down to the company's risk awareness. Most companies are reactive toward security issues, when they should be coming in every day and identifying potential problems.
"You need to document, and map out, and take this seriously in a proactive way," he says.
(Image: Sfio Cracho - stock.adobe.com)