Why Developing Training Programs & Community is Essential for Security Buyers | Jay Jay Davey

Guest at a Glance:

💡 Name: Jay Jay Davey

💡 What he does: Jay Jay is SOC Client Lead at Bridewell Consulting, an NCSC Certified Cyber Security, Managed Security, Penetration Testing and Data Privacy solutions provider.

💡 Noteworthy: Jay Jay is also Chief Operating Officer at Cyber Jobs Hunting, a place for anyone in security to come find work and network with peers from across the globe, and Chief Educational Support Officer at CyberMentorDojo, a platform to enable students to find a mentor to help create a path into Cyber Security.

💡 Where to find Jay Jay: LinkedIn

Episode Description

Vendors need to start building relationships.

Instead of looking at lead filters or lead generation.

They need to start integrating with the community a bit more.

And they need to start learning from the people on the ground, just building communities, because those communities are going to be filled with potential leaders of the future.

And if you can get really good relationships with them now, that's going to influence buying decisions in the future.

Brutally honest insights from Jay Jay Davey, SOC Client Lead, Chief Educational Support Officer, and Advisor.

In this episode, I had a conversation with Jay Jay about his challenges, goals, what vendors do that piss him off, and the alternatives.

Episode Insights:

How Jay Jay got into cybersecurity

Jay Jay has been in cybersecurity for about six years and in technology for about 11 years. He started off doing communications in the armed forces.

He didn’t like his job in the armed forces because he felt he wasn’t challenged enough. So, he left to pursue a service desk role, which he hated, but it led him to a security operations role.

“I didn't even know it was in cybersecurity. I just thought it was another IT role. I was like frosted into this world of cybersecurity and it was trial by fire. Five years later, here I am today. Some people consider me a leader in security operations.

To myself, I'm still learning every single day.

Every single day, I realize how little I don't know. And that's the kind of beauty of the industry.”

What Jay Jay hates most about the cybersecurity industry

Cybersecurity, to Jay Jay, is quite an advanced technical field, so, looking for businesses that are going to be hiring at that entry level is incredibly difficult.

And it is quite a big ask of businesses to open their arms to say, “we're going to let people have this responsibility,” which could potentially cause more impact.

Somebody that has to manage risk that has no experience and will be able to do it - that's quite challenging for businesses to get to that stage.

They need to be able to sacrifice the resources to train that person. That could potentially take more resources away from the business. That hiring manager may need to step away from their duties to train people up.

And that becomes quite cost intensive for businesses. So a lot of people are trying out for entry level roles.

Why don't we change the narrative a little bit?

Instead of trying for these entry level roles, why don't we say, “Hey, how do we bring ourselves up to the level which is being asked for more common?”

Why don't we focus on that instead of dragging the barriers down to a lower level, which overall drags the quality down of people because people aim for a lower level.

Why don't we strive to meet that requirement?

I'm one of these old fashioned people where I say, well, let's, let's meet them. Let's not say meet in the middle. Let's go meet them.

Let's improve ourselves as much as we possibly can to fulfill their requirements.

Even in this economic climate, it's incredibly difficult for any department or any function to have an entry level role.

Even accounting - they want people that can go in to do accounts straight away. They don't want people to learn on the job.

They want people to be able to go there and perform their role. They want to make sure that that investment in that person is going to pay straight away.

They want to be able to see that return on investment. They want to see that work happening.

What they don't want to do is essentially become an academy.

Jay Jay’s one bleeding neck challenge as a professional working in security operations

Maturity in security operations keeps Jay Jay up at night.

It's the fact that a lot of businesses stick a security operations center into their business and just don't do anything with it. They just throw logs at it, it produces alerts and it does stuff. That's all they're concerned about.

They don't have a maturity strategy.

They don't think, “okay, we're generating alerts, but how do we look at this security operations factory that's generating potential value that we can look at?”

How do we remove the constraints in a security operation center?

One of my analogies is the security operations center is a factory. There's the inventory, there's some materials going into the factory, so we could say log sources, and then there's the throughput, the processes, the SIEM, the correlating the data to producing the alerts, and then the output, which is the product, which is the incidents, the alerts.

How do we mature?

How do we make sure that this factory is working optimally aligned with the business goals and objectives instead of just throwing more inventory in and hoping that the processes in the middle that are trying to generate these alerts keep up with what you're trying to do?

Maturity is one of these things that I think that the industry is struggling to grasp.

What does maturity look like? How do we approach maturity? Why do we need maturity?

The security operations is a function in itself that needs its own strategy.

The ultimate goal a SOC leader is trying to achieve

A security operation center that integrates with almost all business functions in some way, shape, or form, that provides value to all business functions.

Whether it be through helping them with visibility, helping them with challenges, helping them do things safely. I think there's some way that we can integrate different parts of the business.

What triggers Jay Jay to start looking for a new solution

So one of the first things I do is, I look at the problem. What are we trying to achieve here? How big is the nail and how big does the hammer have to be and what's the wood that we're trying to hammer the nail into?

I try to look at the problem. What are we trying to solve? So I look at a threat model. I understand we want visibility. We want the ability to do detection and analysis. We want to identify threats. What's our critical assets? What's our crown jewels? If it went down tomorrow, would it stop the business?

That's what we need to protect. We need to protect what generates value in the business so we understand what needs protecting. We put that in a wrapper and say, right, this is our crown jewels. Now we need to start understanding what is the threat to these crown jewels.

Is it malware? Is it hackers? Insider threats? Is it floods? Is it storms? Is it tornadoes?

We need to start putting all these things into this bracket of a threat, and then we need to look at, okay, right, that's our threat model. And now we need to ask ourselves, How will they appear? Where are they materialized? How will these attacks come to fruition?

Once we start to theoretically go through those scenarios, we understand where we may need to put our eyes and ears. Then we can say, right, okay, now that critical web application server is sitting there, we may need to ingest the web application firewall logs and the web app logs, and this is our detection use cases.

This is what we're trying to detect instead of the age old, let's just ingest everything and then we'll worry about it later. I think we need to go all the way back, not worry about the tool. I mean, we can talk about the tool later on, but we need to talk about what we are trying to. Why is this discussion even in existence?
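The approach described in this section (crown jewels, then threats, then the log sources each detection use case needs) can be checked against what a SIEM already ingests. The sketch below is an added example, not something from the episode or from Jay Jay; the asset, threat and log source names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: asset, threat and log source names are hypothetical.
# crown jewel -> threat -> log sources needed to detect it
THREAT_MODEL = {
    "web-app-server": {
        "web attack on the application": {"waf", "web-app"},
        "malware on the host": {"edr"},
    },
    "customer-database": {
        "insider data theft": {"db-audit", "identity"},
        "malware on the host": {"edr", "db-audit"},
    },
}
# What the SIEM currently ingests (the "ingest everything" starting point).
INGESTED = {"waf", "firewall", "dns", "identity", "netflow"}


def coverage(threat_model, ingested):
    """Return (gaps, unmapped, onboarding_order).

    gaps: (asset, threat, missing sources) for each use case not fully covered
    unmapped: ingested sources that no use case in the threat model needs
    onboarding_order: missing sources, ordered by how many uncovered
                      use cases need them (ties broken by name)
    """
    gaps, needed, demand = [], set(), Counter()
    for asset, threats in sorted(threat_model.items()):
        for threat, sources in sorted(threats.items()):
            needed |= sources
            missing = sorted(sources - ingested)
            if missing:
                gaps.append((asset, threat, missing))
                demand.update(missing)
    unmapped = sorted(ingested - needed)
    order = sorted(demand, key=lambda s: (-demand[s], s))
    return gaps, unmapped, order


if __name__ == "__main__":
    gaps, unmapped, order = coverage(THREAT_MODEL, INGESTED)
    for asset, threat, missing in gaps:
        print(f"GAP  {asset}: {threat} -> missing {', '.join(missing)}")
    print("No use case needs:", ", ".join(unmapped))
    print("Onboard next:", ", ".join(order))
```

Sources listed under "No use case needs" are candidates for review: either a use case is missing from the threat model or the source is inventory going into the factory without a product coming out.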

How Jay Jay looks for a tool

Let’s take a SIEM, for example. When it comes down to picking a tool, you'd be evaluating costs at that point because they all do the same thing. One of the things that I like to do is think about, okay, right, what have we currently got? Okay, what are we currently working with?

You know what? What's generating logs? Have we got Palo Altos? Have we got Fortinet firewalls? Have we got database servers? Have we got Azure? Have we got AWS? Let's do an inventory. What do we need to look at? Going back to that crown jewels, that threat model. What do we need to monitor?

Then I look at which tools can integrate with what we have better. Because what I don't want to do is buy a tool and start building my own API integrations all day long.

  1. Because one, that's going to be terrible because I built it.
  2. And two, it's gonna have a lot of maintenance because I built it.

So I want something that's gonna integrate nicely. So I'll start looking there.

Jay Jay wants to know:

  • Can I get nice integrations?
  • Can I get good dashboards?
  • Can I get good visibility for it?
  • Can I do automation that can streamline?
  • Can I build workbooks that will help me automate particular analytics?

I will look at things like that. And that, for me, is a big decision factor when it comes to tooling nowadays, because tooling for me is, it is a pain point, but the market is so saturated with tooling, they all do the same thing.

Differences or anomalies in the market vendors can take advantage of

The people perspective.

Vendors need to start building relationships instead of looking at lead filters or lead generation. They need to start integrating with the community a bit more.

And they need to start learning from the people on the ground, just building communities, essentially, because those communities are going to be filled with potential leaders of the future.

And if you can get really good relationships with them now, that's going to influence buying decisions in the future.

If you build those relationships and keep those bridges strong, that's going to open up the door to many more opportunities to make good sales in the future.

What does that look like? A good integration within the community from the vendor side.

So it could be anything from developing training platforms or developing training sessions and training content on their SIEM.

Splunk do a very good job at this. They have all their training platforms, they have their certification paths, they even have forums that you can join. You can join lots of Splunk webinars where you can chat with people.

Also, when I go to conferences, there are vendors that are set up, open bars, where you can go there, chat with leaders, you can chat with other people, chat with the vendors.

Some vendors have even started to develop their own Discord servers where people just go in and just talk about it.

I know it's not exactly a security tool, but if we look at these training platforms, one of the biggest elements of the training platform, the biggest selling point is the community.

You learn from other people. And I think that is something that vendors need to start tapping into and we're starting to see it.

Jay Jay’s biggest takeaway for cybersecurity vendors

Just be human more.

I think that's the common theme running through - really trying to tap into that human element and when you are approaching people for sales, just think about the person on the other end receiving this sales pitch.

Think about them a little bit more. Think about their problems, what they might be going through, what their stress is at work. Think about their use cases a little bit more. Try not to come across as a sales robot because sales, I know I'm not a salesman, but I speak to a lot of them and the common theme between a good salesman is sales is 90% that human element.

It's that human connection. That technology piece is going to fix a problem, but that relationship is going to build sales.
