Starting an Information Security Lead role

I am onboarding to a role with a very small start-up company engaged in a virtual assistance business model for small-to-medium-size insurance companies, as an Information Security Lead.
I've had 9 years of relative IT and Security experience; I started as a SOC analyst and made my way up to Senior, then to SOC Lead / Supervisor.
I do not have experience as an engineer or as an architect, but I've basically rolled out and operated security tools in my previous tenures. This new role was kind of a big break, and the firm's top management and CEO had put their full trust in me.
The role involves managing the security solution for the company based on the NIST framework and putting up a team to set up everything from FW, proxy, SOC team, compliance and governance.
Any good advice moving forward? And what necessary certification do I need to undergo to prep me for this endeavor?
Thanks.
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
There was IT in the beginning: an IT manager, a network specialist and a service desk team.
They are adding Security; the company has grown, clients have requirements, and the US gov't has compliance.
The IT manager retains full oversight of the projects and tools, but they needed to bring in an IT security lead to spearhead the Security part.
Eventually Security will have to grow with appropriate people; I believe the pipeline will be to get enough people with the right skill set.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I think you should understand the NIST framework that you follow and undertake a gap/risk analysis based on what the most immediate priorities are. This should then guide you in respect to understanding what processes are needed/technological gaps you encounter and people/skills you need to fulfil those gaps.
You may find that using an MSP is better value for money in the long run with them sending periodic reports on the status of issues found/metrics etc, but the key thing is you need to add value to the role - speak to the senior management team and report on key risk indicators (what was encountered/what the impact of this was/was there any sensitive data/PII exposed etc). You will need to think bigger picture/vision and how the functionality of the SOC/IR is helping the business move forward/achieve its objectives.
Don't forget, if you happen to manage a team, setting goals/performance plans/milestones/training targets etc. Plus working with the wider area of the business so they know their role too.
If you got an MSP for example and they said we have found xyz that has done/doing abc what are the processes to invoke your IR plan?
Lots to think about. First port of call is SANS (my opinion). Check out their new courses in the area. 512 touches SOC processes/management, 450/551 sound like a good overview for you. Or perhaps anything else like 508 - unfortunately not my area of expertise.