I have been spending a lot of time trying to understand the best ways to plan, build and augment security operations. From operations policy to staffing to procedures to best practices, I am always wondering what the best way(s) are to maintain and operationalize security expertise.
From the Service Provider community we are seeing a few different models, and I would like to cover as many as possible.
1. Customer-specific Security Operations teams for tier one through tier four assistance.
2. Service-specific teams for network, security, and access services.
3. Blended engineering and operations teams to do both network and security.
4. Tier Four expert operations team fed by all NOC / TAC / SOC / Support teams.
5. Ninja warrior soldier style operations – one guy, one network, one truth.
I am interested in collecting thoughts and experiences around some of these models – good, bad or indifferent, and expanding a bit here on the blog. The goal is to really understand what works, what doesn’t and why, with an emphasis on comments from real-world experiences. Links and best practices encouraged and welcome.
So if you are willing to share your security ops knowledge and experiences, feel free to drop me a line at email@example.com. I will summarize and post my findings here at some point. Thanks in advance.