Aggregated lateral movement and more: EY’s latest SOC serves the GCC

Covering the evolution of digital transformation centers over the last few years, we’ve frequently noted that new ways of working have infected many traditionally structured and operated organizations, often through nontypical talent and specially designed workspaces (yes, we’re talking about “funky chairs”). The latest development may be the most surprising as it comes from EY, a long-established and traditional firm in one of the most conservative services lines. EY’s newest security operation center (SOC), which services the Gulf Cooperation Council (GCC) countries, opened its doors in Oman at the end of 2017 and serves local and regional clients with cybersecurity and analytics offerings. According to EY, the center was designed to attract and retain talent, while also reinforcing EY’s strengths around industry expertise and creating opportunities for new EY clients, with layers of activity that call to mind the aggregated lateral movement of security threats (but in a good way).

Constant challenges: Managing talent and clients while delivering security

To tackle the challenge of attracting and retaining talent in the GCC, EY has relied on a staff that is a mix of local nationals and expatriates, acknowledging that increasing the local talent pool will remain a strategic priority over the next decade. While local governments and universities have invested in science, technology, engineering and mathematics (STEM) studies and even cybersecurity specifically, the number of graduates needed to meet local demand will not reach scale for four to five more years, with maturity in security talent coming another five years after that. An additional way EY has addressed this shortfall has been to make the local security work as appealing as possible — the Level One employee staring at a screen identifying false positives has been replaced with analytics and automation in a mixture heavily reliant on EY’s developing security capabilities and enhanced by analytical models, rather than use cases. In the GCC SOC, the entry-level talent begins at Level Two and is investigating all the time, according to EY’s local leadership. Notably, for a region not known for its gender-diverse workforce, roughly half the professional security staff is women in some GCC locations, proving the local governments’ STEM investments are paying off.

While solving for the talent problem, EY must also address client needs, specifically around an operating model that accommodates regional legal structures and plays to EY’s industry expertise strengths. Not surprisingly, Oman as a generally neutral, trusted and respected member of the GCC provides a solid base for a regional security center. Also not surprisingly, EY’s current SOC clients come from government entities, oil and gas companies, and the financial services industry. Quite surprising to TBR was EY’s ability to draw new clients to its new SOC. Typically consultancies have sold security services to existing clients, and almost all clients brought through the new digital transformation centers have already had well-established relationships, making this GCC SOC doubly unique.