NAB's SecOps rethink focuses on data expert and dev hires

As its security focus becomes even more data-driven.

NAB is hunting for software developers and data experts in its security operations teams, as the bank moves away from traditional SecOps hiring and toward a model where security is treated as a code and data problem.

Appearing on theCUBE vodcast and in a similar, as yet unpublished Databricks 'Summit Live' interview on the sidelines of the Databricks Data+AI Summit, chief technology and operations officer Patrick Wright said that such a “retooling” was required to address challenges in the security operations landscape. 

Wright said attackers’ access to “hyper automated” tooling like AI agents and large language models, combined with the velocity of enterprise software development, meant attack surfaces were increasing and the time available to identify and mitigate a vulnerability had shrunk considerably.

“As a bank, we've got to start battling all of this at machine speed,” he said.

Wright suggested that existing security operations processes and tooling neither provided the necessary coverage nor allowed action to be taken fast enough.

“Traditionally, your security teams were highly dependent on very specialised software that, while it's evolved, hasn't fundamentally changed that much over the years. It's gotten better at what it does, but it still fundamentally has the same basic capabilities,” he said.

“Signal[s] came out of those tools to humans, who would then look at them on a screen at three o'clock in the morning.

“That pattern just doesn't work anymore. 

“The time that we have to actually determine that there's a problem and contain it is going to shrink from … minutes to seconds, milliseconds. And so we have to fundamentally rethink it.”

The bank is in the process of co-designing a new security information and event management (SIEM) platform with Databricks, as part of the solution to this.

Part of this - in Wright’s words - is about “widening the aperture” of environmental visibility available to security personnel so they have a better shot at identifying increasingly sophisticated security incidents and patterns that touch multiple different systems.

“A fraudster or a cyber event may actually first manifest itself by a server spiking from a performance problem, or it could be a network port that drops. It could be an increased number of online account takeovers or fraud that happens with our customers,” Wright said.

“The traditional security dataset that your average security person would look at is often in a separate system from where your business runs itself. 

“So the data lake that the business uses to run itself, to look at P&Ls, financials, even things like fraud and financial crime and network and systems availability, they're all separate systems.

“We see there's real value in getting all of that stuff in one [place] and then allowing either a business process or a security process … to actually harvest meaningful insights off all that data.”

Wright said that customer data, incident data and login data, both from customers and staff, are important inputs into security analysis and decision-making.

"All of that needs to get fed in to try and find anomalies against a much wider sphere than just the legacy indicators of compromise, doing pattern-matching and server logs - which is still useful and you need to do, but I think you’ve got to [look] much wider," he said.

With security a more data- and code-driven process, Wright indicated that the desired skill sets of security operations personnel could also evolve.

"The nature of the people in security will need to change," Wright said.

"Your traditional security person is a SecOps person or a packet inspector or an incident responder. They tend to be more forensic."

"In tomorrow’s world, increasingly they’re going to be software developers and data experts.

“One of the things I'm really pushing on with my team is I need to hire software developers and data experts, not your traditional security operations teams. They need to be able to write software to help find signals in the noise."

Ry Crozier attended the Databricks Data+AI Summit in San Francisco as a guest of Databricks.
