Guest blog courtesy of D3 Security.“I kind of saw automation as eating our veggies. It was good for you, but it wasn't the end of the world if you missed it. Now it is more akin to wearing your seatbelt. You could get out safe without it, but you're being dumb if you're not using it.”
That powerful analogy comes from Mandy Neely, a senior security engineer, who shared it in a recent episode of Let's SOC About It. The episode explores a critical aspect of modern security operations: building a strategic and sustainable automation framework.While the allure of fully autonomous operations is strong, Mandy emphasizes the foundational steps that prevent automation efforts from becoming a "Schrödinger's cat," i.e., potentially useless without the original architect. The discussion goes beyond specific tools to focus on the underlying principles required before scaling automation effectively, particularly relevant for MSSPs managing diverse client environments and high alert volumes.Mandy argues that true, reliable automation isn't built overnight by simply acquiring new tools and platforms. It requires a disciplined approach, focusing on documentation, error handling, and team alignment before chasing advanced capabilities. Tune in for a practical roadmap on avoiding common pitfalls and building systems that enhance rather than complicate security operations.Robust Error Handling & Alerting: Automation will encounter errors. Building thorough error handling helps identify when a task didn't succeed and why. This must be paired with well-tuned alerting, ensuring that failures are flagged effectively without creating alert fatigue from false positives. The "SECURE" Automation Framework (6:54-11:31): Mandy introduces a mnemonic for approaching automation strategically: Effective data management, using consistent language and attributes across the organization, is foundational for interplay between different systems and processes. Automation Analogy: From "Veggies" to "Seatbelt" (14:46-15:26): Mandy says automation is no longer a 'nice-to-have' but a necessity. While you might get by without it, the risks are exponentially higher, and failing to automate strategically leads to analyst burnout and unsustainable operations. Measure ROI (18:02-21:45): Define the scope and current metrics (manual process time, ticket volume/time-to-resolution, SLA adherence) before starting automation. Track these metrics via ticket data and, critically, talk to the engineers to understand if the automation is genuinely reducing friction and improving their workflow.
That powerful analogy comes from Mandy Neely, a senior security engineer, who shared it in a recent episode of Let's SOC About It. The episode explores a critical aspect of modern security operations: building a strategic and sustainable automation framework.While the allure of fully autonomous operations is strong, Mandy emphasizes the foundational steps that prevent automation efforts from becoming a "Schrödinger's cat," i.e., potentially useless without the original architect. The discussion goes beyond specific tools to focus on the underlying principles required before scaling automation effectively, particularly relevant for MSSPs managing diverse client environments and high alert volumes.Mandy argues that true, reliable automation isn't built overnight by simply acquiring new tools and platforms. It requires a disciplined approach, focusing on documentation, error handling, and team alignment before chasing advanced capabilities. Tune in for a practical roadmap on avoiding common pitfalls and building systems that enhance rather than complicate security operations.
Episode Highlights:
- Start with an existing, well-understood process. Don't try to automate something before you've defined its manual steps.
- Error handling and alerting are non-negotiable.
- Continuous process optimization involves the entire team in refining automation, not just top-down directives. Good tools evolve past version one.
- Unified team understanding ensures everyone knows what's built, how it works, and how to use it, preventing duplicated effort or underutilized tools.
- Risk awareness guides automation efforts toward addressing the actual threats facing the environment.
