Baby ASO: A Minimal Viable Transformation for Your SOC

Vaguely relevant but very cyber image from Dall-E

One pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner, is: change is hard, but transformation is harder.

Perhaps it is an IT Axiom of some sort, with a Theorem I that follows: many who say they want to transform, really don’t.

And Theorem II: many wish for purported results of a transformed operation, but cannot bear many (any?) of the costs.

So when I hear that a certain security team or a security operations center (SOC) wants to transform to a new, modern model, numerous challenges arise. One significant factor is the tendency of individuals to become attached to the familiar processes and tools they have been using for an extended period, after sometimes investing a lot of blood, soul and fortune (vendor S comes to mind, but I digress … this is not really about SIEM). Additionally, there may be a concern that the new model will be more complex or challenging to manage, leading to even more reluctance to adopt it. This attachment can create resistance to change and make it challenging to embrace new approaches no matter what happens outside the organization.

It seems like there’s a desire for so-called “transformation lite” where few things change, but the results are comparable to those of a transformed organization. It is very clear to me that such a thing is utterly impossible.

Let’s bring this to our ongoing discussion of modern SOC. For example, in our now-infamous Ghost of SOC presentation (and