For the start of the new football season in Scotland, let’s have a bit of fun, and create our perfect cybersecurity team. We have 11 players for our first team, and now need to define the positions of the 10 out-field players. I would say the perfect formation could be 3:5:2:
- 3x Risk Analysts (Defence). Defence is solid, and they stay at the back and never stray forward, while communicating continually with their midfield and attack. They continually listen to their goalkeeper, too, and try to identify gaps in the team’s formation. The manager continually shouts orders at them, and they must then listen, but they are good, solid and dependable players.
- 5x SOC (Security Operations Centre) Analysts (Midfield). The midfield is able to pick off attackers as they move forward, and also feed the attack. They have done their homework on the opposition and know exactly the types of attacks that they will mount, and are well drilled in coping with these. When required, the midfield will move back into defensive positions and create a solid wall of defence by teaming up with the Defence. Their workload is much higher than that of the defence and attack, and they spend a good deal of their time running around after the ball.
- 2x Threat Hunters (Attack). The attack is able to move back into midfield when required, but will burst out into attack and probe the opposition’s defences. They often shout back at the defence if they feel like the opposition are changing their tactics. Unfortunately they can daydream a bit and fail to pick up passes, but when required, they will stick the ball in the back of the net.
The SOC Manager will keep them all focused, and at half-time will get the team in, and tell his strikers to stop the other team from mounting too many surprise attacks, and to make sure they are keeping their midfield and defence up-to-date on the tactics that the other team are using.
And what about the goalkeeper? Well, ultimately it is the CIO/CISO who is responsible for the last line of defence. If they let in too many goals, they will get sold on to another club.
And the substitutes? Well, three more SOC Analysts (just in case we get attacked too much), a new CIO/CISO (in case we lose too many goals and they have to go off injured, or we put them on gardening leave, or they just run off the pitch), and, of course, two Incident Responders (to probe why we are losing so many goals).
Enjoy the new season!