CERIAS Weekly Security Seminar - Purdue University

Barrett Caldwell and Omar Eldardiry, "Improving Analyst Team Performance and Capability in NOC / SOC Operations Centers"



Network Operations Center and Security Operations Center (NOC / SOC) teams have complex and challenging cognitive tasks that are crucial to the IT health of the organization, but existing tools and metrics do not support this range of tasks. To enhance their key tasks, namely situation awareness, incident response, prevention and knowledge sharing, it is critical to understand how people, tools and information sharing co-function in a NOC environment, and what limits their performance--from low-level analysts to their managers and team leads responsible for translating this NOC/SOC value to others in the organization.

Starting at RSA 2014, our research team began to explore how to improve the information available and displayed to NOC / SOC analysts, team leads, and managers. Our interviews and information display usability efforts are focused on recognizing and reducing the gaps that limit NOC/SOC effectiveness and integration with the rest of the organization. The two recurring themes that address the needs of lower- and higher-level analysts and their managers were: 1) Analysts need to effectively turn data visualizations into usable presentations to increase network situation awareness, and 2) SOC leads and managers need tools and metrics to effectively communicate the status of the organization's network assets, team operations and the company's incident response preparedness to the rest of the organization.

Besides standard training, analysts are required to develop expertise and acquire the skills necessary to perform required tasks. Efficient transfer of organizational knowledge to novice analysts is a vital process to maximize the organization's capabilities at all times. In preliminary interviews, network managers and team leads stated that they are unaware of tools that will allow them to document work procedures and cases to be used as a resource for novice analysts. They expressed frustration at the need for their continuous involvement in operational-level tasks that interrupt their managerial tasks.

By CERIAS
