Cybersecurity is a constantly changing battleground, where threats are evolving more rapidly than ever before. For Enoch Long, Field CISO at JupiterOne, navigating this complex environment requires not only technical expertise but also a calm and strategic mindset, which he has developed over two decades in the field. From leading SOC teams during high-pressure incidents to managing enterprise security for Fortune 500 companies, Enoch has seen firsthand how the threat landscape has evolved over time. In Part 1 of this two-part series, Enoch shares his experiences handling major threats, the challenge of staying ahead in the SOC, and how modern-day adversaries have transformed the way security operations teams must respond.


Can you describe one of the biggest threats you’ve personally dealt with during your time in the SOC, and how you approached handling it?

One of the biggest threats I’ve encountered in my time in the SOC was not necessarily a headline-grabbing event, but rather a smaller incident that had a major impact on the business and significant visibility within the leadership chain. In many cases, we don’t immediately grasp the full scale or impact of an incident. Often, it's only through the process of collecting data, analyzing information, and providing regular updates that we begin to understand just how far-reaching the effects may be.

In this case, as more data emerged, it became clear that this seemingly minor issue had larger implications, requiring extensive internal communication and coordinated response efforts across teams. This experience really drove home the fact that the “biggest” threats aren’t always the flashiest. Sometimes it’s quieter, underlying issues that end up testing a team’s resilience and response agility. It’s a reminder that visibility, strong reporting, and a proactive mindset are crucial—because in this line of work, anything can become a serious challenge.

As a SOC lead, it’s essential to stay composed and level-headed, no matter the situation. My approach is all about balancing emotional intelligence with a visible presence, clear communication, and data-driven updates. This combination ensures we’re not only responding to the incident effectively but also maintaining the trust and confidence of both the team and leadership throughout the process. This approach also helps the team stay focused and confident, and it sets the tone for a controlled, organized response. During an incident, I ensure that everyone, from defenders and operators actively mitigating the threat to IT teams providing support, can reach me quickly. Whether on video or in person, this accessibility allows me to offer guidance, answer questions, and address immediate needs directly. I prioritize clear, fact-based updates, focusing on what we know, the steps we’re taking, and practical next steps for the team. I keep executive stakeholders, like the CIO and GC, informed with regular updates, laying out the incident’s status, our response plan, and what they can expect moving forward.


Looking back at the threat landscape from the past compared to today, what are the three biggest changes that stand out to you? How have these changes impacted the way the SOC operates and responds to threats?

From my perspective as someone who’s spent over 20 years in security operations, these changes represent the types of threats we focused on in the past.

●     Back in the day, we focused on sophisticated attacks from nation-state actors and the occasional insider threat. Ransomware wasn’t a primary concern, nor were we overly worried about “script kiddies” or loosely organized hacker groups. Now, ransomware gangs have transformed into well-organized operations, often behaving more like businesses than lone hackers. They’re targeting companies indiscriminately, and their methods have evolved to impact organizations at every level.

●     Today, the landscape is filled with a much broader range of threat actors. Now, we have to consider a spectrum that includes lone wolf hackers, hacktivists, and politically motivated groups alongside nation-states. This diversity has added more complexity to our defense strategies, as each type of actor has different goals, methods, and levels of sophistication.

●     Insider threats used to primarily involve accidental exposures or compromises of individuals who were physically present within the organization. We now deal with sophisticated insider threats that can be linked to external cybercriminals, like employees who unintentionally open the door to attackers through phishing or other social engineering tactics.

All of these changes mean that SOCs must account for a wider array of tactics and motives. Threat response now requires a more nuanced understanding of the context behind each incident. For example, attacks can be triggered by something as simple as a political statement from leadership. In one case, I read about how a two-person hacker team launched an attack solely to embarrass the company over a public affiliation with a political figure. This level of targeted retaliation requires the SOC to consider potential reputational triggers and how they could motivate actors to disrupt operations.

The SOC has to expand its approach, adopting proactive intelligence gathering to identify emerging threats before they escalate. Response strategies have to become more dynamic, relying on flexible playbooks that allow for rapid adaptation to unexpected motives and sophisticated attack methods.

As cyber threats grow more complex, the role of visibility and intelligence has never been more critical. In Part 2, Enoch dives into actionable strategies for security leaders to protect their organizations in this ever-changing landscape.


About Enoch: Enoch Long serves as JupiterOne’s Field CISO. In this capacity, Mr. Long has global responsibility for providing executive leadership, domain expertise, strategic, technical, operational, and security guidance for the Global GTM organization. Before joining JupiterOne, Enoch held key strategic leadership positions at Regeneron Pharmaceuticals, Alexion, Splunk, and Northrop Grumman. He also served key cyber engineering and advisory roles supporting the Dept of Defense and the intelligence community. Enoch earned his MBA from Georgetown University and a Bachelor of Science in Computer Science from Temple University. Enoch is based in Washington, DC.


- By Chuck Brooks (President, Brooks Consulting International)
