It stands to reason that an organization focused on securing companies and their assets would bring on people who are passionate about the work. SAP is no exception, and neither is its Director of Threat Detection & Operational Strategy, Matthew Valites. In fact, he wrote a book about it. In our latest podcast episode, Matthew gives some of the key takeaways from his book, Crafting the Infosec Playbook.
Here are the top takeaways:
Share your passions: For Matthew and his co-authors, sharing their knowledge about their passion looks like writing a book, but there are a number of ways to do this such as volunteering your time or mentoring someone within your network. "I would encourage anyone to do that," Matthew says of writing their book. "It was such an incredible experience to do that. And my two co-authors, they're brilliant. So I would say, if you've got any inkling to do that, take that step. We grew that off of a number of blog posts that sort of warmed ourselves up."
Keeping things simple can help keep them evergreen: When it comes to creating your own detection playbook, avoiding overcomplicating things is the key to success. Although the landscape is always going to change given technologies such as AI, it's ok to also have pieces of your toolkit that are simple and are designed to last. "I'm looking right now at our close codes for how we do incidents, and I'm finding that what we wrote in that book about ten years ago is still applicable."
Use a service-based approach: Finally, Matthew says, keeping a service-based approach with customers goes a long way. "It's just a really good way of thinking. I think it also helps you understand how businesses operate in general. We're in such a cost center. We always never have enough money. We always have to justify what we're doing. That kind of flips it on its head a little bit."
