Edward Farrell
Mercury ISS
Edward Farrell is a security consultant with over five years’ experience in information security and ten years’ experience in the IT industry.

As the director of one of Australia's few remaining independent cyber security practices, Mercury ISS, he has conducted or overseen the delivery of over 300 security assessment activities and incident responses in the past 5 years.

His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.

Monitoring the monitors: a path to keeping the SOC in check

Technical Level (3 being the highest score): 2

Outsourcing security monitoring has become popular and it makes sense; the cost of building an internal team is excessive and scouting the right talent can prove difficult.

Having stated this, outsourcing is also problematic when there is high demand, low supply and inadequate validation that the SOC, MSSP or outsourced security service is doing what it promised.

Since June 2019, my team and I have seen a greater occurrence of inadequate security capabilities or misunderstanding of roles and responsibilities that introduce more risk than they seek to address.

This talk will provide a walkthrough of outsourced security providers, the important role they play, inadequacies we’ve encountered as part of our validation service and paths to addressing the shortfalls.

Outline of content:

1. Overview of security outsourcing
2. Review of effective SOC designs, both internal and outsourced; analysis of the SOC/MSSPs in Australia
3. Observations from our own assessments, including:
a) SOCs not monitoring at all
b) SOCs that failed to deal with patching
c) The impact of not knowing or contextualising issues
d) Tying in capability: the importance of mutually supporting efforts (i.e., governance and penetration testers)
e) Fundamentals around time & space
4. Keeping the SOC in check
5. Conclusions, considerations and actions for security practitioners

Key takeaways

By the end of this talk, the audience will have an understanding of the role, capabilities and limitations of outsourced security monitoring from the perspective of an independent security provider, as well as a path to identifying and addressing shortfalls in outsourced capability.
