Sharing a little programming know-how…

Archive for December, 2021

Living to work? Or working to live?

“I don’t live to work, I work to live.”

A good friend of mine used to say this when we were in our 20s. Now that I’m older and wiser, I have to admit that it was pretty wise of him to understand this when so young and full of beans. As a longtime practitioner in cyber security incident response, I’ve worked my fair share of all-nighters and long-running incident response cycles. These scenarios are never pleasant and often disrupt our lives significantly. If you’ve ever had to respond to a network outage or widespread compromise, you know what I’m talking about. I’ve got some very memorable moments around MS14-068 and WannaCry (and its little cousin NotPetya). Unfortunately, these are not happy moments. Although the thrill of investigating something new does make life exciting, generally speaking, that thrill is only temporary, and then the fatigue and the days and nights eating at your desk start to take their toll.

What’s funny is that the way you deal with uncertainty is to plan for it. As intelligent beings, we have the capacity for foresight and planning that can help prevent major disruptions to our lives. The problem we run into is the drive for efficiency and cost reduction. As we improve reliability and security controls, our true “the world is on fire” incidents become fewer and farther between. This makes it more difficult to justify a fully redundant IT security team that can surge to meet the demand of 24/7 operations required by a security incident.

Enter the MSSP, which can spread the cost of redundant staff across multiple clients. This is where economies of scale can have a major impact on the bottom line IF you are poised to take advantage of them. Critical to the use of an MSSP is the ability to integrate the security function into your operations just as if they were your own team. Response time, programmatic integrations for automation, and ITSM best practices are all critical to this relationship. Without direct control of the security response function, you need transparent visibility that all is working as expected. This isn’t a nice-to-have. It’s an absolute must.