I have told you about the need to tune our security incident and event monitoring (SIEM) tool. Now we need to tune the analysts who are monitoring the SIEM.

We had no problem when SIEM monitoring was done in-house. My security team consists of two Level 3 analysts, who are well seasoned and very familiar with our company and have more than seven years of experience in information security. But it was recently decided that SIEM monitoring was something we could offshore. There’s no arguing with a decision like that. The cost of offshore services such as this is compellingly competitive, and we’ve had good experiences with our offshoring of the help desk, network operations and development. Besides, my team wouldn’t be laid off but instead freed to do more pressing things.
