Building the SOC of the Future - JP Bourget, Michael Mumcuoglu - ESW #399

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process.

In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future.

It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however.

Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working?

In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections.

Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again.

Session Resources:

• Rethinking Threat Exposure Management: A Unified Approach to Reducing Risk

This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future

Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering.

In the enterprise security news,

Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-399