Division LJ Kushner & Associates, Whitepaper
November 11, 2020
Situation: This client’s product is vital to the global financial services industry and operates on a complex private network. Our financial systems rely on the integrity of this client’s data in order to run, therefore customer data protection, information accuracy, and availability/reliability are paramount to the company’s success. After placing their Chief Information Security Officer (CISO), this
global financial technology company, based in New York City, engaged us to continue to build out their Information Security Program including an Information Security Operations Center (ISOC) Team.
Search / Assignment
We worked with the CISO to understand his vision for the ISOC Team and the needs for each role, including an overall leader, individual team lead, and experienced analysts with various skillsets:
ISOC Director – An experienced leader who can strategically build-out and advance the ISOC function, communicate up through the C-level, as well as earn the confidence of the ISOC Team.
ISOC Team Lead – The most technical member of the team required to not only have the technical depth within threat detection and incident response but also convey a level of maturity for management.
Experienced ISOC L2, L3, and L4 Analysts – The analysts monitor and analyze activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise.
To do this well, we require various skills/knowledge in the ISOC space, including but not limited to:
Triage of Detection Alerts
Forensics – Host and Network
Proactive Threat Hunting
Malware Analysis / Reverse Engineering
Incident Response
Threat Intelligence / Indicators of Compromise
Automation/Programming Skills (generally Python)
Methodology
From the onset of the project we forged a partnership among the CISO, hiring managers, the client’s talent acquisition team, and our firm. Then we proceeded to:
Identify the appropriate level of talent for each role.
Qualify a shortlist according to skill and location; introduce opportunity and company.
Make introductions to CISO and existing ISOC Team for initial interview / assessment.
Manage further interview processes from inception(introduction) to close (accepted offer / onboarding).
Result:
Over a six month period, we placed the ISOC Director, an ISOC Team Lead, and five experienced ISOC Analysts with various technical skills. The majority of the team is still in place and successfully operating the program four years later.
Comments