Aperture Podcast: Sean Tufts on OT SOC Playbooks, Culture Challenges
By Michael Mimoso | Feb. 28, 2022
Digital transformation is creating many new opportunities for industrial enterprises, and it’s also raising some difficult conversations about managing risk and integrating OT under IT security management.
Sean Tufts, the ICS and OT security practice director at Optiv, joins the Aperture podcast to discuss his experience in helping organizations across different industries implement OT SOC playbooks, some of the cultural challenges that accompany that transition, as well as his unique career path to cybersecurity.
Tufts is a former National Football League player with the Carolina Panthers, and Division 1 college football captain at the University of Colorado. During this discussion, he also describes how the skills and discipline he learned to become a professional athlete transfer to his day-to-day role today.
“Three of the top five athletes I’ve ever been around never even finished college. They couldn’t put a package together to make it,” Tufts recalls. “You’ve got to walk the path to get yourself selected, and then you have to work like hell to stay there. From my seat today, it’s not all that different from some of the cool stuff we talk about in security.”
Tufts’ current day job takes him inside large companies across diverse industries, each with its own challenges. The common thread, Tufts said, is that the SOC must bring actionable data to asset operators; otherwise it runs the risk of losing their trust.
“We need to arm our (managed service providers), our internal SOCs, our (IT) Tier 1 analysts who are used to looking at CrowdStrike and Palo Alto data with the right information so that when they reach across the aisle and talk to a person wearing a hard hat and steel-toe boots, they can arm them with enough data to not waste their time,” Tufts said.
Tufts cautions that a handful of lower-priority alerts raised to an OT operator will sour the IT/OT relationship quickly.
“We’re making sure there’s enough meat on that alert bone to necessitate waking someone up in the middle of the night,” Tufts said.
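One way to turn that principle into SOC playbook logic is an escalation router that pages the OT on-call only when an alert has enough impact, confidence and supporting evidence, sends the rest to a day-shift queue or to Tier 1 for enrichment, and collapses a burst of alerts on one asset into a single notification. The example below is added here and is not code from the podcast or from Optiv; the severity scale, the `impact` threshold of 15, the asset inventory and the alert records are all constructed for illustration.

```python
"""Route OT alerts so only well-supported, high-impact ones page an operator.

Added example (not from the podcast or Optiv): the thresholds, asset inventory
and alerts below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed asset inventory: the context a Tier 1 analyst needs in hand before
# calling someone on the plant floor (site, process, how critical the asset is).
ASSETS = {
    "plc-boiler-03": {"site": "Plant A", "process": "steam boiler", "criticality": 5},
    "hmi-pack-01":   {"site": "Plant A", "process": "packaging line", "criticality": 2},
    "eng-ws-07":     {"site": "Plant B", "process": "engineering workstation", "criticality": 3},
}

PAGE, ENRICH, DAY_SHIFT, SUPPRESS = "page_ot_oncall", "needs_enrichment", "day_shift_queue", "suppress"
ORDER = {SUPPRESS: 0, DAY_SHIFT: 1, ENRICH: 2, PAGE: 3}  # stronger action wins when collapsing
PAGE_IMPACT = 15        # assumed threshold on severity * criticality (range 1..25)
DAY_SHIFT_IMPACT = 6    # assumed threshold below which nobody is interrupted

@dataclass
class Alert:
    asset: str
    title: str
    severity: int        # 1 (informational) .. 5 (critical), assigned by the detection
    confidence: float    # 0.0 .. 1.0, how sure the tool/analyst is this is not a false positive
    evidence: list = field(default_factory=list)  # concrete indicators to hand the operator

def route(alert: Alert, assets=ASSETS) -> dict:
    """Decide who sees one alert and attach the context an operator would need."""
    asset = assets.get(alert.asset)
    if asset is None:
        # Unknown asset: the SOC cannot tell the operator where to look, so enrich
        # first instead of paging someone with an IP address and a guess.
        return {"action": ENRICH, "reason": "asset not in inventory"}
    impact = alert.severity * asset["criticality"]
    if impact >= PAGE_IMPACT and alert.confidence >= 0.8 and alert.evidence:
        return {"action": PAGE, "impact": impact, "site": asset["site"],
                "process": asset["process"], "evidence": list(alert.evidence)}
    if impact >= PAGE_IMPACT:
        # High potential impact but weak support: Tier 1 confirms before waking anyone.
        return {"action": ENRICH, "impact": impact, "reason": "low confidence or no evidence"}
    if impact >= DAY_SHIFT_IMPACT:
        return {"action": DAY_SHIFT, "impact": impact}
    return {"action": SUPPRESS, "impact": impact}

def triage_batch(alerts, assets=ASSETS) -> dict:
    """Collapse a batch per asset so an operator gets one notification, not five.

    Routing is decided per alert, so a handful of low-priority alerts never add
    up to a page by volume alone. Each collapsed record keeps the strongest
    action plus a count and the titles that were folded into it.
    """
    by_asset = {}
    for a in alerts:
        decision = route(a, assets)
        prev = by_asset.get(a.asset)
        if prev is None:
            by_asset[a.asset] = {**decision, "count": 1, "titles": [a.title]}
        elif ORDER[decision["action"]] > ORDER[prev["action"]]:
            by_asset[a.asset] = {**decision, "count": prev["count"] + 1,
                                 "titles": prev["titles"] + [a.title]}
        else:
            prev["count"] += 1
            prev["titles"].append(a.title)
    return by_asset

if __name__ == "__main__":
    # Constructed sample: one real page, three noisy scans on the same HMI.
    batch = [
        Alert("plc-boiler-03", "Unauthorized PLC program download", 4, 0.9,
              ["Modbus/TCP function 0x10 write from 10.0.5.9 at 02:14"]),
        Alert("hmi-pack-01", "Port scan observed", 2, 0.9, ["SYN to 20 ports from 10.0.5.9"]),
        Alert("hmi-pack-01", "Port scan observed", 2, 0.9, ["SYN to 20 ports from 10.0.5.9"]),
        Alert("hmi-pack-01", "Port scan observed", 2, 0.9, ["SYN to 20 ports from 10.0.5.9"]),
        Alert("eng-ws-07", "Suspicious scheduled task", 5, 0.5),
    ]
    for asset, record in triage_batch(batch).items():
        print(asset, record["action"], "x%d" % record["count"])
```

The thresholds are deliberately explicit constants so a SOC manager and a plant engineer can argue about them in one place, which is usually where the IT/OT policy conversation actually happens.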
Listen to the discussion and learn more about:
- Some of the OT policy creation challenges for SOC managers and analysts
- The critical cybersecurity tools for a successful IT/OT convergence
- Overcoming the challenge of alert fatigue for converged SOCs