Security operations and engineering

Evaluate, enhance and transform your security operations capabilities

Operational security capabilities such as security monitoring, incident response, security engineering, and vulnerability management are a big investment and can command a large - and often the largest - proportion of an organisation’s cyber budget.

Security operations teams are also often stretched between daily responsibilities, such as operating and maintaining the pertinent controls, and the need to keep up with organisational change and technology innovation.

Our multidisciplinary team provides a unique blend of technical expertise and management experience to help you assess your security operations capabilities, prioritise and develop a roadmap, and scope and plan major technology change and transformation.

How can we support?

We advise on all aspects of cyber security operations and provide engineering and implementation support. We combine direct experience from incident response and engineering engagements, insights from the latest threat intelligence research, and industry experience managing and transforming enterprise cyber security operations capabilities.

1. Security operations review and roadmap development

  • Assess your security operations services capabilities across people, process, and technology factors
  • Review your pertinent governance arrangements, quality of metrics, and the costs associated with operational services
  • Help you shape and document a target state, informed by PwC industry insights and by pertinent service and technology roadmaps
  • Help shape and prioritise your security operations improvement roadmap, and define the benefit of constituent components

2. Tactical engineering and operations support

  • Identify opportunities for efficiencies and automation within your security operations technologies and processes that do not require major architectural change
  • Deep dive specific operational areas, such as security information and event management (SIEM) monitoring or vulnerability management programme coverage, and identify options for enhancement against key metrics
  • Deep dive your use of specific security technologies and identify underused capabilities available under current or prospective licensing
  • Support you with prioritisation, engineering, and implementation of the identified changes and improvements
  • Help you with process development and documentation, for example by developing incident response plans and playbooks, or operational guidance for leveraging security tools
  • If required, second our experienced operations analyst and engineering staff into your team for a fixed time period to help alleviate resource constraints, to facilitate practical knowledge transfer, and to underpin resourcing for your change agenda

3. Security operations technology change and transformation

  • Help you scope and plan major changes, such as a transition between two SIEM technologies or an implementation and rollout of new cloud or on-premise security tools and capabilities
  • Provide engineering and delivery support to help you deploy, configure, and operationalise new capabilities in a pragmatic way and in line with your organisational requirements
  • Deliver practitioner-level training to your teams to help them effectively adopt new technologies and be ready to operate
  • If required, provide interim operational cover for new security capabilities during the transition period, for example by providing an interim managed monitoring service for a new SIEM

Why choose us?

  • The team. Our diverse and multidisciplinary team includes security engineers, cloud platform engineers, operational analysts, incident responders, intelligence analysts, architects, managers with specialist leadership experience, industry sector security advisors, and representatives of many more roles whose perspectives enhance our approach to security operations projects. Many of our specialists have supported clients through major cyber security incidents and crisis situations, and have a first-hand appreciation of the importance of cyber security operations. We will put together a project team combining the right expertise and experience for your cyber security operations needs.
  • Independent advice. Our team has experience with most of the security operations technologies and services common in the market. We are not exclusively tied to any particular product or technology, and are in the position to provide you with unbiased advice and support you if you are considering a technology change.
  • The network. Whether you require collaboration across regions and territories, require country-specific advice, regulatory knowledge, or language skills, or are looking for options to leverage offshore resources, we will leverage the PwC network and coordinate our delivery accordingly, leading from the UK.


Contact us

Will Oram

Director, PwC United Kingdom

Tel: +44 (0)7730 599262

Alex Gornoi

Security Operations Advisory Lead, PwC United Kingdom