Shane Barney, chief information security officer at the U.S. Citizenship and Immigration Services, said automation has allowed USCIS’ security operations center to free up incident analysts to focus on response roles, FedScoop reported Friday.
“We managed to actually get rid of our complete Tier 1 in our SOC at USCIS, primarily because we automated it out of existence,” he said Thursday at an AFCEA Bethesda event.
Barney said his agency also adopts automation to advance collaboration between its network operations center and SOC and is pursuing machine learning efforts to help with data analytics. He added that USCIS intends to make SOC a center of excellence in the automation field for the rest of the Department of Homeland Security.
He said he believes the analysis of desktop logs and other cyber incidents, ticket creation, vulnerability management and other redundant tasks should be automated at USCIS, which produces 5 terabytes of data on a daily basis.