Insights from Next Generation GSOC Leaders

From September to November 2023, the SEC brought together more than two dozen security and risk leaders to offer a 10-session online course on strategic development, management, and innovation in Global Security Operations Centers (GSOCs). Instructors included SEC subject matter experts and current security practitioners from companies including Delta Air Lines, Zoom, Dell, Coca-Cola, Comcast, Equifax, and Amazon.

At the time of this writing, 94% of participants responding to a post-course survey said they would recommend the program to others.

"I really appreciated the different perspectives of a GSOC from each speaker, and the explanation of the difference in their focus. It helps to have a more well-rounded viewpoint on what the functions are and can be," wrote one participant. "My company is in the early planning stages of a GSOC, so everything about this course was insightful."

For a limited time, the Next Generation Security Leader GSOC course is being offered in a streaming format to make its insights available to a broader segment of the security community.

Selected session highlights:

On strategic planning: The focus of the GSOC must be linked to three concepts: Duty of Care, anticipation of threat, and flawless service with consistently measurable results. - George Campbell (SEC)

Don’t build your process around big data; use big data to enhance your process. - Bhavesh Patel (Sanofi)

On concept of operations: The cycle of Objective > Data > Plan > Staff can help the GSOC prepare, maneuver, and adjust to the global environment. Make sure that what you commit to is achievable and repeatable. - Jacob Valdez (Dell)

Start with the low-hanging fruit: duty of care. Then move into risk management. - Ed Shubert (McKesson)

On determining GSOC scope: Before you begin planning, ask yourself what you can handle. How will you respond to information coming in? What procedures will you put in place? Create a solution that best fits your organization. - Bhavesh Patel (Sanofi)

On performance value and metrics: Reliable metrics can only be developed if both the collector of the data and the owners of the data trust one another. Without trust, KPIs can’t be established. - Ante Gaspar (Coca-Cola European Partners)

Risks and threats are out of our control. Measure what you can control: the speed and efficacy of your response. - Kevin Wilhite (Delta Air Lines)

On presenting metrics effectively: Start by knowing your audience and what they want and need to know, and anticipate their questions. Tailor your presentation to each audience. Show value by telling a story. Keep it brief with a high-level slide to capture attention and invite questions, and include a detailed appendix that lets them dig deeper where they want to. - Jonathan Jaster (Equifax)

On determining GSOC structure: GSOCs that try to be everything to everyone tend not to perform as well. Determine whether a converged or partnered model works best for your organization. Converged models can be simpler to manage, while partnered models can be better for complex corporations. Either way, be deliberate. Have a charter and a mission statement to guide development and operations. - Taylor Isabell (Amazon)

On maintaining business alignment: We built a business security partner program that brings our holistic security approach to each of Sanofi’s business units. Business security partners bring our programs, services, and systems to the business, while aligning security strategy to the goals and objectives of the business unit. They attend business unit meetings and maintain relationships with business leaders to understand and meet the security needs of the business. - Bhavesh Patel (Sanofi)

On partnering between physical and cyber security: Have a CEO mindset. Become data-driven risk takers rather than risk averse. Partner across programs to see which risks are truly more impactful to the organization, and be aware of your own proximity bias. Physical security truly may not be the highest risk issue. - Don Von Hollen (City of Calgary)

On operating a converged GSOC: It’s important to have a shared risk consciousness with real-time situational awareness and strategic intelligence. Do not rely on fear, uncertainty, and doubt. Go beyond. Use data to help the business make informed decisions. Anticipate and mitigate threats and inform the risk owners. - Alan Borntrager (Dell Technologies)

Next Steps

The streaming version of the NGSL GSOC course includes the full original presentations as well as participant Q&As. Topics include regulatory considerations, GSOC service models (including job categories and compensation), concept of operations and master planning, integration, risk intelligence and stakeholder communications, emergency preparedness and critical incident response, GSOC performance and value metrics, corporate and cyber security interface, and case studies.

Sign up for the streaming rebroadcast here.
