3rd Interdisciplinary Cybersecurity Lunch Talk

7. October 2024

Our third “Unlocking Insights: Interdisciplinary Cybersecurity Lunch Talks Series” event took place virtually, continuing to build on the success of previous sessions by bringing together experts from academia and industry. This time, Thierry Schaltegger led the discussion with a compelling talk on “Decision-Making in Critical Incidents: Insights from Security Operation Centers (SOCs),” offering a unique window into the fast-paced and high-stakes world of cybersecurity incident response.

Schaltegger’s presentation drew from his recent research, which involved interviews with around 20 security professionals working in SOCs. His insights revealed the complex decision-making processes these professionals go through during critical incidents. While playbooks and predefined procedures play a crucial role in guiding responses, Schaltegger emphasized that human intuition remains irreplaceable in high-pressure situations where not everything can be anticipated. This ability to make quick, gut-feeling decisions often proves vital in successfully managing security breaches.

However, Schaltegger pointed out a significant challenge—this intuitive expertise is difficult to articulate and even harder to pass on to new employees. With SOCs facing high turnover rates, this creates a persistent issue in maintaining consistent levels of expertise. Newcomers may have access to the same playbooks as seasoned professionals, but the nuanced, experience-driven decision-making process is much harder to teach and transfer.

The discussion that followed centered on the tension between the need for standardization and the role of human intuition. Some participants noted that while intuition is valuable, the fear of liability often drives organizations to rely strictly on playbooks and standardized procedures. This cautious approach can sometimes limit the flexibility and speed needed in critical situations. The group explored potential ways to alleviate this issue, such as developing guidelines that allow for controlled use of intuition or creating environments where professionals feel supported, rather than penalized, for deviating from playbooks when necessary.

As the session concluded, there was a shared recognition of the value of further interdisciplinary collaboration in understanding how to better support decision-making in SOCs. Participants left with new perspectives on the delicate interplay between structured guidelines and human intuition, as well as fresh ideas on how to ensure the next generation of security professionals can thrive in this dynamic and challenging field.