Protecting the capital investments in your SOC

Oftentimes in business we tend to think of capital investments in terms of purchasing new equipment, new software or a larger office space to house a growing organization.

But a closer look at the traditional definition of capital investments is revealing. The term is generally defined as—or some close approximation of—investments not sold during the course of regular day-to-day business but necessary for ongoing activities and long-term growth.

As a CIO or CISO, if you examine this definition in the context of security operations, you’ll likely find that the money you pay annually to your senior IT security staff represents one of your largest on-going investments. It qualifies under the aforementioned definition because you are investing in an employee that helps protect your organization against security threats and the resulting problems—such as decreased customer trust due to data breaches or regulatory fines—that can disrupt ongoing operations and expansion. And considering the average senior IT security engineer earns a salary of more than $109,000 per year according to Glassdoor.com, in just five years’ time you’ve likely invested more than $500,00 in that individual.

Protecting your investment in security operations

Now consider what would happen if that person came in tomorrow and gave two weeks’ notice. If you had a mechanism to capture the methods and best practices your senior team member had built over the last five years, your other team members would be able to refer to that workflow, both during and after their tenure, and reuse those processes for threat resolution allowing you to better absorb the impact of your staff’s departure.

On the other hand, if those procedures have not been captured anywhere or were scattered in several locations across multiple locations, your security leader’s departure is analogous to forfeiting a half-million-dollar investment. Additionally, without those processes to lean on, any new team member who is on boarded is going to take longer to get up to speed and you are going to have to spend more resources to capture new procedures so you avoid the same problem in the future.

So, taking a closer look at how—or if—you are documenting security methods is a good idea if you have any hesitation about how you would handle losing a senior staff. If your examination leaves you feeling vulnerable, now is the time to start figuring out how to proactively protect your investment.