1 00:00:00,05 --> 00:00:01,08 - [Instructor] Welcome back. 2 00:00:01,08 --> 00:00:04,02 Okay, it's time to go to work. 3 00:00:04,02 --> 00:00:07,03 Chris Cross, Global Bank International's 4 00:00:07,03 --> 00:00:10,04 newly appointed chief information security officer, 5 00:00:10,04 --> 00:00:12,00 has been tasked with building 6 00:00:12,00 --> 00:00:14,04 an internal security operations center. 7 00:00:14,04 --> 00:00:16,07 Chris knows that staffing an internal team 8 00:00:16,07 --> 00:00:18,09 is going to be a heavy lift. 9 00:00:18,09 --> 00:00:21,03 He recently delivered a presentation on the initiative 10 00:00:21,03 --> 00:00:24,08 and loved our ideas around ensuring the roles are defined 11 00:00:24,08 --> 00:00:27,01 with a pipeline mentality in mind. 12 00:00:27,01 --> 00:00:29,00 So he asked us to provide more detail 13 00:00:29,00 --> 00:00:31,06 by defining one of the roles on the team. 14 00:00:31,06 --> 00:00:33,05 Take a look at this list of responsibilities 15 00:00:33,05 --> 00:00:36,00 for a SOC analyst he sent over. 16 00:00:36,00 --> 00:00:38,07 This is a great starting point but will need some work 17 00:00:38,07 --> 00:00:41,06 before it's ready for primetime. 18 00:00:41,06 --> 00:00:43,09 If you recall from the previous video, 19 00:00:43,09 --> 00:00:46,05 when Audrey decided to open up her candidate pool 20 00:00:46,05 --> 00:00:50,06 to more junior talent, the first thing she did was list 21 00:00:50,06 --> 00:00:53,09 the day-to-day responsibilities of her cake designers. 22 00:00:53,09 --> 00:00:57,09 Then she separated the low-risk tasks with the intent 23 00:00:57,09 --> 00:01:01,06 to align those responsibilities to a junior baker. 24 00:01:01,06 --> 00:01:04,00 We'll take a similar approach with this list 25 00:01:04,00 --> 00:01:05,09 but with a bit of a twist. 26 00:01:05,09 --> 00:01:08,06 In order to help Chris solve staffing challenges 27 00:01:08,06 --> 00:01:11,07 in an easy to understand and repeatable fashion, 28 00:01:11,07 --> 00:01:15,03 we'll use the LEADERS framework to build the list out a bit 29 00:01:15,03 --> 00:01:18,01 and help us get some definition around the various roles 30 00:01:18,01 --> 00:01:19,05 on the team. 31 00:01:19,05 --> 00:01:23,04 To be clear, the LEADERS framework is nothing fancy, 32 00:01:23,04 --> 00:01:25,08 certainly not worth writing a book about. 33 00:01:25,08 --> 00:01:28,02 It's simply a seven-step framework I developed 34 00:01:28,02 --> 00:01:31,07 to help define skill levels within specific job roles. 35 00:01:31,07 --> 00:01:33,09 Let's dig in. 36 00:01:33,09 --> 00:01:36,00 Step one, which is already done, 37 00:01:36,00 --> 00:01:40,03 is to list the top five to 10 responsibilities of the role. 38 00:01:40,03 --> 00:01:41,04 Once that's done, 39 00:01:41,04 --> 00:01:45,00 we need to establish our evaluation criteria. 40 00:01:45,00 --> 00:01:48,00 Due to the demanding nature of the SOC function 41 00:01:48,00 --> 00:01:50,08 within an organization's cybersecurity program, 42 00:01:50,08 --> 00:01:52,05 a few options that come to mind 43 00:01:52,05 --> 00:01:56,06 are level of criticality, risk to the organization, 44 00:01:56,06 --> 00:01:59,06 and, let's say, training requirements. 45 00:01:59,06 --> 00:02:02,06 This is by no means an exhaustive set of criteria, 46 00:02:02,06 --> 00:02:05,01 but it does serve as a good baseline that you can 47 00:02:05,01 --> 00:02:07,09 continue to expand and improve upon as you become 48 00:02:07,09 --> 00:02:10,06 more familiar with the framework and make adjustments 49 00:02:10,06 --> 00:02:13,09 according to the needs of your specific team. 50 00:02:13,09 --> 00:02:17,09 Next, assess the responsibilities in the list 51 00:02:17,09 --> 00:02:20,05 against the evaluation criteria. 52 00:02:20,05 --> 00:02:24,05 The table displayed shows a sample outcome of this process. 53 00:02:24,05 --> 00:02:28,01 As you can see, I've chosen a very basic, three-level 54 00:02:28,01 --> 00:02:31,02 high, medium, and low ranking system which, again, 55 00:02:31,02 --> 00:02:34,04 you can modify if necessary to meet the needs of your team. 56 00:02:34,04 --> 00:02:37,07 Perhaps a numbered system of one through five, for example, 57 00:02:37,07 --> 00:02:40,01 if a three-level system feels limited. 58 00:02:40,01 --> 00:02:42,08 Of course, no two organizations are the same, 59 00:02:42,08 --> 00:02:45,00 so results will vary based on things 60 00:02:45,00 --> 00:02:48,06 like prioritization and risk tolerance. 61 00:02:48,06 --> 00:02:51,07 Once you've completed the initial assessment, you may find 62 00:02:51,07 --> 00:02:54,05 that some of the items in your list are too broad, 63 00:02:54,05 --> 00:02:56,04 requiring you to rank them at a level 64 00:02:56,04 --> 00:02:59,03 that is higher or lower than you may like. 65 00:02:59,03 --> 00:03:02,04 To address this, the next two steps in the framework 66 00:03:02,04 --> 00:03:05,08 are to determine which items may be a bit too broad, 67 00:03:05,08 --> 00:03:09,09 then expand them into additional sub-items as necessary. 68 00:03:09,09 --> 00:03:12,07 The table shown highlights the additional granularity 69 00:03:12,07 --> 00:03:14,09 achieved by expanding the first task, 70 00:03:14,09 --> 00:03:18,05 which can of course be done for other tasks as well. 71 00:03:18,05 --> 00:03:21,05 Once you've done this, you'll repeat the assessment 72 00:03:21,05 --> 00:03:24,04 and modify your rankings as needed. 73 00:03:24,04 --> 00:03:28,00 The final step in this exercise is to specify 74 00:03:28,00 --> 00:03:30,09 which responsibilities most appropriately align 75 00:03:30,09 --> 00:03:32,06 to each skill level. 76 00:03:32,06 --> 00:03:36,00 The decisions made in this step are based on the outcome 77 00:03:36,00 --> 00:03:39,03 of the assessment against the evaluation criteria 78 00:03:39,03 --> 00:03:41,01 as well as a level of responsibility 79 00:03:41,01 --> 00:03:44,00 you're comfortable assigning to a junior resource. 80 00:03:44,00 --> 00:03:46,02 For example, is the decision 81 00:03:46,02 --> 00:03:49,00 to only assign low-ranking tasks? 82 00:03:49,00 --> 00:03:51,09 Is low to medium ever okay? 83 00:03:51,09 --> 00:03:54,04 Ultimately, these decisions are judgment calls, 84 00:03:54,04 --> 00:03:57,04 so unfortunately I don't have a magic formula to offer. 85 00:03:57,04 --> 00:03:59,00 But, hey, these are the challenges 86 00:03:59,00 --> 00:04:01,03 we live for as leaders, right? 87 00:04:01,03 --> 00:04:02,07 Maybe. 88 00:04:02,07 --> 00:04:04,08 Oh, one other thing I wanted to point out 89 00:04:04,08 --> 00:04:06,05 is that although this course is focused 90 00:04:06,05 --> 00:04:09,05 on creating opportunities for entry level talent, 91 00:04:09,05 --> 00:04:11,06 this framework can be used as a starting point 92 00:04:11,06 --> 00:04:15,04 to segregate duties at the mid and senior levels also. 93 00:04:15,04 --> 00:04:18,00 Well, looks like we've successfully made room 94 00:04:18,00 --> 00:04:19,06 for some entry level talent. 95 00:04:19,06 --> 00:04:20,08 Well done. 96 00:04:20,08 --> 00:04:23,02 Hopefully, Chris will give us some positive feedback. 97 00:04:23,02 --> 00:04:26,00 Let's go to the next video and see what he has to say.