Step #1: Do you have The Invisible Gorilla in your SOC?

Updated: Mar 18

You may wonder what Security Services Operations has to do with the gorilla, and why it is invisible.


I came across The Invisible Gorilla experiment when I was reading Daniel Kahneman's book 'Thinking, Fast and Slow'. The experiment, which led to a Nobel Prize award, was run by psychology researchers Christopher Chabris and Daniel Simons. It found that people, when engaged in a mental sprint, may become effectively blind. The authors of The Invisible Gorilla made the gorilla 'invisible' by keeping the observers intensely focused on their primary task (in the experiment, counting the ball passes). Does it not remind you of a typical Security Operations environment? Security Operations Centers (SOCs) are 'noisy': endless alerts, events, incidents, triaging, threat intel - you name it. Time is one of the most precious commodities in a SOC. Not surprisingly, many SOC Key Performance Indicators (KPIs) are time-oriented: Mean Time To Detect (MTTD), Mean Time To Respond (MTTR), etc.

So, in what shape or form is The Invisible Gorilla hiding in your SOC?

We have anonymously surveyed 50 global SOCs. By analyzing our own survey results and the insights shared by global Security Leaders on our weekly #SOCsuperposition interview series, and by taking into account trusted third-party research by Ponemon Institute, Accenture, Deloitte, Gartner, Capgemini and others, we have identified a whole list of risk indicators with varying levels of impact, not only on Security Operations but on business operations as a whole. Below is a selection of risk indicators, identified through specific business needs:

- An improved Security Operations talent retention ratio and reduction of the associated hiring costs, onboarding time, etc.

- Besides technical knowledge, what else should you be looking for when hiring Security Operations talent, and why?

- Doing more with the talent you have - skills optimization / closing the knowledge gap

- Automation of repetitive tasks

- Building and maintaining a positive security culture

- Communication strategy and clarity (internal and inter-department)

- Validation of SOC operational effort in the language/metrics understood by and/or important to the Board of Directors

- Existing technology optimization and closing the technology gap

- Improved Mean Time metrics

- Being able to better predict / plan incidents

Removing The Invisible Gorilla will lead you to higher Security Operations efficiency, also known as #SOCoptimization, and to an understanding of how your Security Services Operations compare to the industry benchmark. This is the knowledge and business value Quantum Cybersecurity Skills bring - always fresh, always justified!

In the next article I'll cover the cost of The Invisible Gorilla for your Security Services Operations.

