How SOCs are changing: Location, remote work and more

A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operations centers used to look more like bunkers crowded with network traffic analysts who rarely got to see the sun. Ananth sees the Covid-induced era of remote SOCs to be a new reality but also a way to bring new professionals in from small towns and far-away locations, making it a partial fix to the security skills gap.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free

– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Changes to SOC

2:59 - How A.N. Ananth got into cybersecurity

4:07 - Ananth's projects and career

6:25 - Management in cybersecurity

8:40 - What is the SOC?

11:08 - How large is a SOC team?

14:30 - The SOC mentality

17:07 - Remote SOC work

18:52 - Security challenges for remote SOC work

20:55 - Bringing in new SOC talent

23:13 - How to get your foot into cybersecurity

28:53 - What should be on a SOC resume?

32:00 - What is Netsurion

34:00 - Connect with Ananth

34:57 - Outro

[0:00:01] Chris Sienko: Every week on Cyber Work, listeners ask us the same question, what cyber security skills should I learn? Well, try this. Go to infosecinstitute.com/free to get your free cybersecurity talent development e-book. It's got in depth training plans for the 12 most common roles, including SOC analyst, penetration tester, cloud security engineer, information risk analyst, privacy manager, secure coder and more.

We took notes from employees and the team of subject matter experts to build training plans that align with the most in demand skills. You can use the plans as is, or customize them to create a unique training plan that aligns with your own unique career goals. One more time, just go to infosecinstitute.com/free, or click the link in the description to get your free training plans, plus many more free resources for Cyber Work listeners. Do it. Infosecinstitute.com/free. Now, on with the show.

[0:00:56] CS: Today on Cyber Work, A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operation centers used to look a lot more like bunkers, crowded with network traffic analysts who rarely got to see the sun. Ananth sees the COVID-induced era of remote SOCs to be the new reality, but also a really good way to bring new professionals in from small towns and faraway locations, making it a partial fix to this cybersecurity skills gap. Lots of good job hunt tips of this one as well folks, so stick around for Cyber Work.

[0:01:33] CS: Welcome to this week's episode of the Cyber Work with InfoSec Podcast. Each week, we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of InfoSec professionals, while offering tips for breaking in, or moving up the ladder in the cybersecurity industry. Today's guest, A. N. Ananth is the Chief Strategy Officer and Resident Cybersecurity Evangelist at Netsurion. He is also co-creator of Netsurion’s open XDR platform.

With an extensive background in product development and cybersecurity operations, he has consulted for many companies on their security and compliance strategies, audit policies and automated reporting processes. Ananth is a leading expert in IT security and compliance with over 25 years of experience in IT, control and operations and speaks frequently on cybersecurity topics.

Ananth holds an MSEE from the University of Texas and remains active in strategic product direction to the open XDR platform at Netsurion. Today's topic was suggested by Ananth. We're going to talk about the way that SOCs have changed in the last couple of years, with remote work and teams getting more and more diffused and not always in the same room. We're going to talk about some of the ramifications of that. Again, Ananth, thank you very much for joining me today. Welcome to Cyber Work.

[0:02:49] A.N. Ananth: Thank you, Chris. Good to be with you. Hello, all. Thanks for taking time out of your day to listen to this.

[0:02:55] CS: Absolutely. Always appreciate that. Love our listeners. To start with, I like to get to know our guests a little by tracing their interests. Obviously, you've got a long career in IT and security. What first got you interested in computers and tech and what drew you to a career in security?

[0:03:13] AA: Actually, I come from the telecom world. Originally my education, I'm a EE. We’re going to do signal processing. Then the computer science department had an open assistantship, and when it is the heart and blood for any graduate students. That is how I got sucked in there. One thing led to another. In the telecom world, this was called fault management. Because fault lines of availability is very common there, not so much in IT. Anything that can cause a fault in the network, initially, it was thought to be operational, and then it became a security thing. That's my journey coming from that universe into IT security.

As networks became more open and you could get hacked, telecom networks are famously closed, but IT networks are not. Therefore, security instead of – is really the reason for the fault, more than some operational thing, which of course, can be fixed.

[0:04:07] CS: Right, right. Yeah. Yeah, I think you're definitely not the first guest I've had on who was interested in a different thing, and then found that securing the thing they were interested in was more interesting than the thing they were originally interested in. That definitely tracks here. I tend to snoop around my guests’ LinkedIn pages to see the story in my head of their career trajectory. Looking at your past experience, I see that in some ways, you've planted your flag in the sand and stuck to it. You were the CEO of the event tracker managed threat protection platform, which is now folded into Netsurion from 1999 to 2016. Now, you're the Chief Strategy Officer at Netsurion. Can you tell me about that journey? Then the other activities, or related projects you are engaged in and about the ways that you've changed and grown your work from the start of event tracker up to the present?

[0:05:01] AA: Sure thing. Well, it's worth noting, I've been married to the same woman for 30 years and lived in the same house for 25. I guess, it's part of a pattern.

[0:05:09] CS: Same. Yeah.

[0:05:10] AA: Being the founder and the CEO of that product allowed us to evolve that product. As frankly, the industry evolved, technology evolved. Being your own boss is not what it's always cracked up to be. But certainly, was very valuable and useful. I mean, the most important thing was, if you didn't satisfy your customers, you didn't eat. There's nothing like that to focus you on what's important and what's selling.

Since 2016, Netsurion, through its majority owner has taken a large stake. Frankly, that gave us some freedom to explore other areas, without being hemmed in by some of the operational concerns. Now, what's next quarter look like? How are we going to eat tomorrow, that kind of thing. That problem is now solved. Therefore, we get to explore some of the more interesting things. Frankly, the A, number one problem that we face today and that is scale. It's nice to do this in miniature, and you have to solve every problem that the big boys have, but then to be able to scale without having to be always concerned about what tomorrow's payroll is going to look like is a luxury. It made sense to explore that in this context.

[0:06:24] CS: Got you. Now, can you talk about – I mentioned in your bio, you remain active in strategic product direction for open XDR platforms. At the same time, you’re chief strategy officer and evangelist. Do you ever have – sometimes when we talk to managers and high-level execs, they are happy to talk with the clients, happy to learn their insights, but also seem a little bummed out that they don't get to actually do the hands-on dirty work of playing with the platform and stuff. Do you have a balance between the – like you said, the making sure that the paychecks keep rolling through and the scale is there, with actually getting to play around with the tech and the stuff that excited you in the first place?

[0:07:14] AA: Indeed. That's the whole point of the strategy is to define what v.next looks like. Knowing how the platform has been put together and having led a lot of the teams that were involved, some of which are still active in the company, it allows me to be a bit more realistic. Otherwise, if you're that strategy can be constructed pie in the sky, without a connection to what is actually possible, what is actually practical?

I get to be cockeyed. On the one side, I am mindful of the team that we built and their capabilities and the platform and its capabilities. On the other side, I get to see what the next generation is going to look like, because it’s always one. I mean, in the cyber landscape, tomorrow's threats, tomorrow's solution is going to be different than today's. Indeed, for us, we see a lot of automation, we see a lot of intelligence. I hesitate to call it artificial intelligence. I’m comfortable with machine learning, as a way of getting the scale, especially for anomaly detection as a power tool to help the teams actually manage these incredibly large volumes of data. That's a luxury that in years past, maybe I couldn't really indulge, because I was too busy looking at customers and practical problems and what's going to happen next Tuesday and things of that sort.

[0:08:41] CS: Speaking of teams, today, we're going to talk about a cybersecurity role that's integral to most security operation’s day-to-day existence. Of course, I'm talking about security operations center, or the SOC for short. Before we talk about Netsurion’s recent findings, for the benefits of our audience who are still trying to find their footing and figure out what career role within cybersecurity they want to pursue, what is the security operation center, and what are the day-to-day operations of a standard SOC?

[0:09:08] AA: A security operations center is warranted these days in medium to large organizations at a minimum. For small organizations, it tends to be an outsourced function, because it's difficult to stand up for themselves. The idea is that your network is so critical to your business process, that losing it negatively impacts your business in a major way. Whether you're a travel agent, or you're a government entity, or a hospital, or a financial institution, your IT system and its connection to vendors, customers, the websites and so on, has become very critical to your ability to conduct business.

Anything that threatens it, therefore, is a major concern. The old days of just assuming you could administer it, and all would be well are well behind us. A SOC is a function, either built in-house, or perhaps co-sourced, or perhaps fully outsourced, which pays attention to the security of that network. There are, if you’re connected to the Internet, a variety of threats that are there. We are in a universe now, especially in the western hemisphere, which is always on. Always broadband on. Indeed, downtime, even for a minute is a problem.

That means that you can get to China with one click of the mouse, but you know what? China can come to you with one click of a mouse, too. Who's watching? Who's paying attention to that stuff? That's fundamentally what a security operations center does. It focuses on the assets. It could be people. It could be public cloud. It could be software as a service, like M365. It could be employees working at your company, or nowadays from home remotely. It could be your own data center. Any, or all of these are part of your asset list. A SOC would have purview over all of these assets, because all of them working correctly, is critical to your business process. That's what a SOC is.

[0:11:09] CS: Can you talk about the different – the constellation of work roles within a SOC? Because I'm sure we have SOC analysts and SOC engineers. I assume there's also, maybe a SOC manager sometimes in there. What is the average number of employees in a SOC for most medium and large businesses?

[0:11:27] AA: It depends on whether your SOC is operating 24/7 or not, number one. If it is, then at least 12 people, assuming that you're being reasonable about time off, being sick, going for training, things of that sort. Then, it also depends on what kind of SOC you're running. We've seen basic SOCs, that are fundamentally about alerting from the instrumentation. We've seen intermediate SOCs that incorporate threat intelligence on top of the basic SOC, and are now a little bit more proactive. Then we've seen advanced SOCs that incorporate a ton of automation and new processes.

Depending upon the kind of SOC you're trying to build, and whether it's operating 24/7 or not, that's what governs how many people and what sorts of roles and what sorts of skills you need in the SOC today. I mean, yesterday’s SOC was really frankly modeled after IT teams. IT teams, especially tend to be helpdesk, they tended to be level-based. You were a level one, or a level two, that had better still than a level three that had even better skills.

Talking to the stakeholder inside was a – not really care. They could be Neanderthals. They could be knuckle drivers in the basement. As long as they knew they’re IT, that was fine, because they never really interacted much with the outside world, so grunts and creatures were okay.

In today's SOC, that's not really possible. Therefore, the modern SOC is not focused so much on levels, but is instead focused on competency, or skills. There are a variety of skills that you need to run the SOC today, which corresponds to the kinds of threats that you get. You get hunters, junior ones, senior ones, yes. But hunters, who are aware and alert of what's going on. You get folks that are aware of threat content. You get people that have the skills to have a meaningful discussion with either a vendor, or an inside customer, or a stakeholder.

Of course, you have a manager, as you pointed out, especially the software running 24/7, nothing takes care of itself. You need someone to pay attention to all of that. Then lastly, you need to worry about onboarding interfaces with other departments, maybe have a key, maybe other parts of the company. Then don't forget training, training, training, training. It's a constant in our universe. Either that's being done by the manager, or if your SOC is big enough, it's actually a thing on its own. These are some of the roles that you see in a modern SOC.

[0:13:58] CS: Yeah, it's a little society within the larger society of the organization, right?

[0:14:02] AA: Indeed. The advantage is it allows some degree of specialization and a career growth for the individuals. People that have skills in threat and threat hunting, don't really want to do customer interface. Similarly, the guys that know about automation and curation, probably don't want to sit in front of the alerts and then be responsible for those 24/7. To each his own, if you like.

[0:14:27] CS: Right. Okay, so we were talking about how there's a group within the group aspect of the SOC here. As you put it in our pre-show discussions that they might work in “like a NASA-like control room,” or at least there's that perception. You were saying here that you have a little more interaction with your stakeholders, or your vendors, or your clients. What is the interaction of the SOC at large with the rest of the company? I guess, I'm also trying to get a sense of whether there's an us versus them mentality. That happens a lot. Certainly, with help desk, I think there's that sense of we're here to – You go to the IT crowd, you tried turning it off and turn it back on again, kind of vibe. How does the SOC work with regards to the rest of the company?

[0:15:25] AA: First of all, I think the NASA control room concept has been overcome by Coronavirus, or COVID. There isn't a lot of places where you get together as a group and sneeze or laugh at each other. I'm afraid that’s a thing of the past now. But you know the very best SOCs are attuned to the business, rather than think of themselves as some sequestered super specialist, who will sneer upon the lowly user. The ones that succeed are the ones that really understand what the business is, what risks are appropriate and what the users are doing, what sorts of applications are in play, what's important in order to keep the railroad running. Because after all, they all serve the same batch.

If they're not prepared to do this, then they become technologists for technology's sake and that's interesting, but only at the lower levels. Anywhere above the medium or higher levels, you got to talk business. You have to be able to explain how, what you're doing, benefits the bottom line. Without it, what would be the consequence? And ask for choices. That's what any SOC is really supposed to be good at. Here's what's going on. What do we want to do here as a team? I could tell you what the consequences are of do nothing, or do this, or do that, option A, option B. A SOC, aside of constantly monitoring and then maybe naming and shaming some, especially egregious users. The main function isn't that. The main function is to keep the business safe.

For that you need to know what the business considers valuable, important, useful, appropriate. What's customary in your industry, in your vertical? The best SOCs are the ones that are tightly integrated with all of those things.

[0:17:05] CS: Ananth, you said you wanted to come on the show, because of some polling that you did recently. You recently did an informal poll on LinkedIn. Many of the respondents were SOC users themselves. You said that 59% of the respondents said that the location of the SOC was unimportant. Like you said, the aforementioned image of the SOC as a NASA-like control center might well be obsolete, which I think is provocative and intriguing. To start, do you think this move towards remote multilocation SOC operations started and/or accelerated during COVID, in the pandemic? Do you think this was a direction that was happening before that?

[0:17:40] AA: I mean, it was only getting distributed because of skill shortage. You had a SOC in location A, you had to think about one in location B, simply because you were running dry on finding, hiring and keeping people. They were still essentially centralized. Maybe you followed the sun, because of the way your company expanded. A SOC became an adjunct to your IT teams, which maybe were distributed. The acceleration to from home was initiated by COVID. I'll admit, I was in a fetal position a couple of years ago, when it became clear that we had to send everybody home, because it was a new experience for us.

Surprise, surprise, it's actually worked out, same for SOCs, as it has for a lot of the other knowledge workers. We're able to do this function effectively, without losing a lot of SLAs, service level agreements with our customers, and we're able to do it. The big plus up, if you like, has been that it has really opened the door to recruitment. Now, instead of being stuck in the city that you're in, you can pretty much be nationwide, or indeed global, if that's of interest to you. You have to develop the skills to manage these workers, but that's a strong plus.

[0:18:52] CS: Yeah. Oh, absolutely. That's something that we talked about on here a lot is people who want to get into the industry, but might be in a small town, or taking care of an ailing parent and don't have the wherewithal to move to a big tech center, or something like that. That can only be a good thing to me. Speaking from a more technical standpoint, are there any additional security challenges in fracturing a SOC into its component parts? Are there any restrictions on distance, or time schedule, or geographic location issues in building a SOC team?

[0:19:25] AA: Two things to bear in mind. One is separate the SOC team from the data. The data that you're collecting needs to go somewhere. These days, it's common to have it in public cloud. Things like AWS, or Azure, or Google Cloud, or Oracle Cloud. That can also be distributed based on your retention requirements by nation. In a GDPR, folks tend to want it in their region. North America wants to have it in the region and so on. That's one thing. Keeping the data together in one place, so that you can analyze it and so on.

The second, other part you're asking me about is the people. Where may they be? It's useful to get the teams together periodically in person, because no matter how much we love this remote stuff, we are social animals. For certain aspects, especially onboarding, training, group hugs kind of thing, it's useful to actually be able to get together. It's not a, we were all together forever in the NASA control room all the time and then now gone to be remote and never see each other ever again. Both of them are extremes. Probably closer to the gone away part.

Never, never, never is a challenge. Therefore, that might drive some of you need maybe within the same rough geography, with enough budget, maybe to get together in person, in order to celebrate the highs, or to do training, or to get some specialized onboarding going on. Those kinds of things is a necessity. I think you have to have balance.

[0:20:55] CS: Yeah. To that end, without summarizing the past 18 months of headlines, both in cybersecurity and the job force at large, we certainly know about the cyber skills gap and we talk about it here all the time. The news at large talks about the great resignation and the way that the workforce has become maybe a little more stealthy in terms of where people are going once they quit jobs that they were untenable during COVID, or they just wanted to make a change. One of the things I discussed with the past guest was how, say, an aspiring cybersecurity professional who might come from a remote, or small town with fewer opportunities, as I said, can do this type of work. But how to acquire experience to make themselves attractive to jobs in denser employment locations.

Speaking to your point about how SOCs don’t have to be in one place, can you talk about how embracing, rather than fighting against the fractionalization of the SOC can bring new talent into the team?

[0:21:48] AA: Yeah. First of all, simply consider non-native English speakers. They can be and we know from our experience, that they are highly effective when it comes to threat hunting, or automation, because they speak the appropriate languages of scripting, or they speak the appropriate language of programming. Maybe don't quite know who the Yankees are and why Houston won, but it's not the only skill that you need in a SOC. That's one thing.

That handicap, which used to trouble people in the past location, workpapers, English skills can be compromised somehow, without affecting your overall outcome. The second thing is, we've had to do everything remote. This includes onboarding remote, includes training remote, includes interaction remote, it includes meetings remote, it includes customer interactions remote. Even if we're willing to go to a customer location, very often, they're not there for us to meet them. Things must be remote. This opens the door for folks that aren't in maybe major metros within striking distance of Silicon Valley, or New York City, and can get this stuff. Of course, we're assuming that they have a proper broadband Internet always on connection. That has become a common thing now in.

[0:23:11] CS: Yeah. Yeah, I totally agree. One of the things that I tried to be very aware of is that sometimes large gulf between what's being said by the guest on the podcast and what we hear in the comments below the episode. It's undeniable that we have a skills gap. There's just so many open roles, and everyone says that we want to hire you. Yes, you. We just need to hear from you. Then the comments below often will say things like, “I've got four certs, and I've reached out hundreds of places, and I can't even get an informational interview.” We hear both, if you have the passion, we can teach you the tech and we like unconventional backgrounds. Bring your psychology, physics, law, philosophy degree into the discourse. Once the job post is created, it becomes well, this entry level job requires SEC plus, NET plus, CISSP strongly preferred. What advice do you have for the frustrated, well-studied people in the comments who are still having a hard time getting a foot in the door? What's the missing piece of the puzzle?

[0:24:05] AA: Well, the missing piece of the puzzle, frankly, is non-technical HR teams that perform pattern matching. Once the recruiting manager releases a job profile, some HR folks that don't know IT security from a hole in the wall, or from an accounting position, or from a shipping clerk position, will only know to pattern match. Therefore, whatever words are looked for in the job description is what they're looking for, and they're unable to connect that this thing really means the same.

As a hiring manager, it's important for you to train your HR in order to be able to understand what's being implied, instead of just strictly what's being said, number one. Number two, as a recruiter, you are a recruiting manager, you have to agree that you're going to interview often. Know they're not all going to be gems, but you never know. The most interesting people, like the comment says, have come from the most unconventional background. That's been true for us forever. On the other side for the job seeker, in my view, it's a mixed bag. On the one hand, the larger companies tend to have more technically aware HR, so your Google, Microsoft, the usual lot of characters, can afford a more educated HR team that can look past just the pattern matching.

On the other extreme, the smaller folk, out of necessity, do that. It's the mid-band that tends to be difficult, because you're neither a large Microsoft, or the 100,000 plus people, nor are you a startup with 50, or a 100 people. Therefore, those guys can really pretty much go by formula. As a job seeker, that is something to bear in mind. Also, by the way, location plays a difference. The folks that are in unconventional places will recognize somebody that is in that unconventional place. Whereas, the traditional people that are based in all of the common areas tend to not do that, because they've never really had to.

[0:26:20] CS: Yes, right. Now, yeah, I want to drill in on one thing that you said there. It sounds like, one piece of the puzzle that I haven't heard anyone say before is, you need to get used to not just, I have four interviews set up with the people who are the absolute creme de la crème. You have to get used to taking a chance on people who might not line up perfectly and just see what the fit is. That might mean asking more abstract questions, or interrogating their other backgrounds. Can you speak to that a little bit? Is that something that you're involved with as well?

[0:26:56] AA: I was involved with it quite deeply, until recently where I've become responsible for strategy. I found that going the traditional manner, releasing a requirement, putting it on HR, and then assuming that they'll find somebody and then only talking to them after HR has gotten through with them, results in folks that maybe have done that same job for 11 years, but it's the same year repeated. It's Groundhog Day. You don't really want to enjoy those people at all, even though according to HR, they were the ideal candidate. Which means that you as a recruiting manager, have to train your HR team.

Then when you speak to these individuals, it's a skill to draw out. Because sometimes they cannot express it in a manner that would make it sensible, which is making them even that much harder to recruit. Sometimes you have to roll the dice and take your chances. We, for example, found that having a probationary period, especially for the lower positions was helpful.

We found that not being obsessed with educational qualification was also helpful. In a growing field, looking for people that didn't necessarily have that computer science, or engineering background, but had a demonstrated track record of being able to think. Also being patient, which is not something that we're very well known for, because the pressures are intense. If you got an open position, you need it filled today before yesterday. There is that anxiety to take the best fit, close the position and move along. It's a learned skill. That's a luxury that either the smaller teams must indulge in, or the larger teams can afford. It's in the mid-band that it becomes really, really painful, because you need to have the luxury, nor the training, or the wherewithal to do this.

[0:28:52] CS: That's right. Now, can you speak to things – if people are getting filtered out by as you said, the plunky HR sorting methods, or whatever, are there particular things that you like to see on a would-be SOC person's resume that puts them at the top of the list? Are there certain experiences, or you'd mentioned people doing one thing for 11 years. Do you like to see people who have done a lot of things over the years, or does that matter necessarily?

[0:29:28] AA: It does matter. The most important thing is, are they curious? We see that the most successful SOC employees are ones that have a mixture of curiosity and experience. Then if you don't have experience and haven't done this forever, what's left? What's left is curiosity. Are you teachable? Are you wondering about how this stuff works? Can that be demonstrated in some fashion in your resume? You took courses, you listen to particular speakers, you explore certain topics, you engaged in some activity through COMPT, or anywhere else, that allowed you to explore a particular topic? Are you able to speak, read, or write about it and say something interesting in the resume in the interview that suggests that even though you may not know everything there is to know about it, you know how to spell it, you checked up on it, you understood this, that and the other thing.

There's now a wealth of resources on the Internet. There's no topic that you cannot explore. Are you giving your own time, instead of watching Seinfeld again, for the Nth time. Are you prepared to look and study something that's relevant? That demonstrates curiosity. Now, experience will come with time. Once you've got both C and E, you'll be in the top right. What I worry about other people that don't have any curiosity, but have experience, because these are the ho-hum floater types. Of course, ones that are neither curious, nor have the experience are not interesting at all. They want to be bootmakers, or they want to fry fries. That's not interesting. Anything else, especially more curious is something that we can work with and enjoy.

[0:31:10] CS: Yeah, I think, you mentioned writing and stuff, too. I think, we've heard a couple of guests say, and I think you probably can corroborate this too, that writing blog posts, or doing your own investigations on problems to be solved. I don't think it necessarily matters if you're reinventing the wheel, or that problem has been solved in a different way, or you didn't get all the details right. You really want to know that they're at least interested enough to say like, “I'm looking into the problems of the industry. I'm trying to figure things out and stuff like that.” I imagine, that's going to be a real leg up, right?

Yeah. Okay, so yeah, these are all good tips here. As we wrap up today, Ananth, can you tell us about Netsurion, its XDR platform and some of the projects and developments that you're eager to talk about going into 2023?

[0:32:08] AA: The open XDR platform, we're a managed solution. We took all of the software development that we’ve done and put it into the cloud, and made this available as a managed open platform. By open, by the way, what we mean is that we recognize that you've already made investments in security. We're interested in not rip and replacing them, but integrating them into the threat detection services that we offer. That's what open means in our world.

Managed means the bulk of the work really falls on us. Your job is to enjoy the benefits, sort of like Uber. You let Uber do the driving. You can focus on that nice building on 125th, or do email to the spouse in the back, without having to worry about tools and traffic and parking and any of that. That's what managed means in our world. What are we interested in doing in 2023 and beyond? A couple of things. One, the threat scape constantly evolves. It's important for us to be able to evolve with it. There are new solutions, new approaches that are coming up. EDR, for instance, wasn't a thing maybe five, seven years ago. It's indispensable now. Things like that are going to occur for us in industry. One second.

Okay, I'm back. The other thing, of course, as I mentioned, is scale. It's nice to do this at the level that we're at, but can we do it 10X? Can we do it globally? This requires a dedication to not just the process, but also automation. It's one of the two most difficult problems in Silicon Valley, as they say. One is naming the company. It’s where we've gotten Netsurion. The other is scaling, and we're working on the second one.

[0:33:58] CS: Got it. One last question. The question everyone wants to know, if our listeners want to connect and learn more about A.N. Ananth, or Netsurion, where should they go online?

[0:34:08] AA: Oh, the website. We spent a lot of energy building that up. Netsurion.com is your one-stop place.

[0:34:13] CS: Okay. Any place they should start first? Do you guys have a blog, or things to get people started on what you're about?

[0:34:20] AA: The blog itself is online. There is a site, there’s this section called Catch of the Day. When we catch stuff, we publish a vignette that describes what is it that we caught, how was it – how did it manage to escape?

[0:34:32] CS: Oh, cool. Yeah.

[0:34:33] AA: All the other things. Then where does it play and how does it get analyzed? What's the lesson to be learned? These are of course, anonymous. But in general, people love stories. What's going on with the neighbors? How did this actually come about? One of the most effective ways to communicate value, or to communicate desired behavior is through a story, rather than through a sermon. The catch of the day would be the best place on the website to go look for that.

[0:34:57] CS: Love it. All right, A.N. Ananth, thank you for your time and all your great insights into the future of SOCs. I really appreciate it.

[0:35:02] AA: Thank you, Chris. Good to be with you.

[0:35:04] CS: As always, I'd like to thank you all for listening to and watching Cyber Work Podcast at a larger scale than we've ever seen before. We're delighted to have so many people along for the ride and we thank you for your support. Go to infosecinstitute.com/free to get your free cybersecurity talent development e-book. It's got in-depth training plans for the 12 most common roles, including SOC analyst, penetration tester, cloud security engineer, information risk analyst, privacy manager, secure coder and more.

You can use these plans as is, or customize them to create your own unique training plan that aligns with your own career goals. One more time, that's infosecinstitute.com/free, or click the link in the description below. Thank you once again to A.N. Ananth and Netsurion, and thank you all so much for watching and listening. As always, we'll talk to you next week. Take care.
