TechSpective Podcast Episode 106
Security analysts spend their days monitoring activity in applications and across the network to identify vulnerabilities, detect attacks, and take the appropriate actions to prevent or mitigate threats. However, a good percentage of the work done in a Security Operations Center (SOC) is tedious: tasks that must be done, but that hinder the ability to focus on the more complex work of identifying and resolving issues.
John Gillis, a Senior Cybersecurity Analyst for the SOC at Adobe, joins me on this episode of the TechSpective Podcast to share how he uses custom browser extensions to automate routine and mundane tasks to streamline operations and free up time to do more complex work.
In a recent blog post, John explained how he uses browser extensions in the SOC and the impact that has for him and his team. “As a member of our SOC team, I always look for ways to help improve efficiency in how we do our jobs — every second of our time matters when we need to respond to and defend against ever-evolving threats. My effort here helps keep the focus on my analysis work by letting the browser automate the more mundane tasks.”
The analogy I use to describe this effort is a jigsaw puzzle. When you dump out the box of a 1,000-piece puzzle, the first thing you typically do is sort the pieces into general color groupings so you can more easily find a red piece or a green piece as you work to construct the puzzle. It is only after this tedious sorting that you can get down to business and analyze the pieces to figure out how they fit together and solve the puzzle. In effect, Gillis is using browser extensions to automate the sorting of the pieces so he can leapfrog to the analysis and problem-solving aspects of the effort.
Aside from reducing the manual effort required for tedious tasks, this sort of automation also helps address alert fatigue. The automation can handle some of the initial triage of security event information, separating the signal from the noise so that only the events more likely to be legitimate concerns are elevated to human security analysts for closer examination.
Check out the full episode for our discussion of automating routine security tasks using browser extensions, and insight from John on how these automations also reduce alert fatigue and help maintain consistency from analyst to analyst in how things are done. We also veer off to chat about the current explosion of generative AI models and the pros and cons of offloading tasks to generative AI tools and platforms across all industries and roles.
The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.