A lot goes into running a successful Managed Security Service Provider (MSSP). Getting the right people at the right time is critical. However, the challenge of talent acquisition can be overwhelming. Wouldn't it be great if every year a business could just select talent from a skilled pool? If you could, what skill set would you put the highest priority on? Since the American football season is well under way, I thought it would be a fun exercise to put this problem in the context of fantasy football. Today is Draft Day, so let's see how everyone is filling their roster...
Joining us in this draft are:
Grant Leonard, Castra Consulting
Aaron Moffett, Viopoint
First Round
Joe: “I'm taking an Analyst first. Finding a true disciplined Analyst is tough; given the rarity, I have to pick them first. The judgement of an analyst is the customer-facing aspect of an MSSP service. I'm not taking any chances there.”
Grant: “I'm going Platform. On the platform front, I can have this person wearing all hats for now, then specializing in Implementation or other later. This person reports directly to the MSSP visionary and is their right hand for now.”
Aaron: “1st in the draft for me is a SOC Manager. The glue that holds everything together. Someone with a clear vision of what can be done and how to do it. Someone with passion to drive the MSSP to greater heights and someone who can communicate with the client and understands the value of teamwork.”
Second Round
Joe: “I have to go Platform with the second pick. Grant's rationale is very true, I want to have a solid foundation for my service offering.”
Grant: “I need an Analyst. By this time I will need to begin building the analyst team and begin specializing so my MSSP can grow. I want autonomous thinkers for this role; they are front line for my clients.”
Aaron: “I have to start picking up analysts. At VioPoint we look for attitude and aptitude. I need people who are naturally inquisitive, enjoy dissecting environments and can document their investigations clearly.”
Third Round
Joe: “Have to go automation here. I've got a platform, someone to use it and now I need someone to optimize it. Automation pays long term dividends, I'm getting started early.”
Grant: “hmmm......automation is key, but I can defer that a bit, I can either take another platform specialist or an analyst, likely a platform specialist to assist with implementation and client growth. One of the two platform specialists will later become core team support I suspect, one will remain focused on client implementations, both can work alarms for now.”
Aaron: “Now that I have a core of quality people, it’s time to decide on a platform and grab a platform specialist. There are a number of security tools out there and a bunch of them are half-baked. Some vendors will promise the world and deliver something just north of zilch. I have spent untold hours evaluating these products, and my advice is to pick one that has a strong position on the “Gartner Magic Quadrant for SIEM” and fits your clients' needs.”
Fourth Round
Joe: “With my first three picks I have the system in place. Now I'm going to add more value with a Security Researcher. I think it's important to have someone internally feeding data into the analyst loop: research -> (analyst -> automation -> threat intelligence -> analyst)”
Grant: “Definitely grabbing an automation person, as the initial three will need help in reducing repetitive tasks that they have identified as they continue to evolve their process. Goal is to reduce time to Day 2 Operations, but also reduce tuning, updating, maintaining systems already under maintenance. Hopefully this person can cover the role Joe describes above, but.......that is questionable and I would need to play this out to see what happens.”
Aaron: “I really like Joe’s loop, but for this round I’m going to have to pick someone with strong automation or DevOps skills. As Grant mentioned, this person’s work will reduce operation time. I can give this time back to my analyst, who can spend it doing security research. Efficiency and expertise are two key deliverables of an MSSP.”
Later Rounds
Joe: “I'm going to fill the rest of the roster up with Architects and Deployment engineers. If my service is at scale, I'll need accurate and streamlined deployments. If an analyst is still around, I'd pick another one up as well. 2-man rule and all that. Given the number of breaches I could also take an Incident Response professional and hope that work converts to Monthly Recurring Revenue.”
Grant: “Later rounds can be nearly anyone based on how my business evolves. I should begin considering odd roles like Project Managers in order to improve the business side of the MSSP or, as Joe pointed out, Security Researchers, or even Compliance Experts as Aaron notes below. It’s one thing to perform the security work and another to manage the business. Architects are grown from Platform Specialists and Deployment Engineers are merely specialized Analysts or Platform folks. My Implementation engineers can double as SOC Analysts early on for additional coverage. In other words, I want to focus on growing from within.”
Aaron: “In the later rounds I’d start building out my special teams. A compliance expert is a must. Compliance is important to my clients and as an MSSP I need to make sure we understand their pain points. After that I start looking for an ex-red team hacker, a real wild card. Someone who can keep my people on their toes and give us the opposition's view on security.”
There you have it. While this draft was fantasy, the challenges of security are far too real. You can see it takes a diverse team to manage security in today’s environment. Don’t have the resources for a dream team? Consider partnering with an MSSP who does, and let their team tackle security while you head for the goal line.
What would your team look like? Would you go compliance or maybe IR?
Tell us your picks in the comments or hit us up on Twitter at @AlienVault and @pkt_inspector!