Understanding the role of a cyber security Focal Analyst

Cyber security is complex. Rapid technological advancements have placed bigger targets on organisations’ backs by introducing new vulnerabilities for hackers to exploit. Meanwhile, criminals themselves now have much more powerful attack techniques at their disposal, while companies are burdened with increasingly onerous legislation and sector-specific regulations.

Norm’s mission is to simplify the increasingly complex threat landscape, providing clients with complete clarity on all threats to their operations and actionable plans to reduce their risk exposure.

Central to this philosophy is the company’s team of Focal Analysts.

What is a Focal Analyst?

A Focal Analyst is a Senior Security Operations Centre (SOC) Engineer who works as a natural extension of a client’s IT and security team. They are the first point of contact for all client requirements, fulfilling the role of trusted advisor and advocate. Unlike general analysts or incident responders who support specific functions, Norm’s Focal Analysts each focus on a small handful of customers. This ensures they have a thorough understanding of each client’s environment, objectives and working practices.

Alongside delivering high-quality security reporting, they work in close concert with Norm’s Threat Detection and Response Team to provide timely and tailored cyber security services. In summary, they develop truly consultative relationships that enhance the client’s service experience and bolster their cyber resiliency.

Responsibilities of a Focal Analyst

A Focal Analyst’s initial priority is to develop a deep understanding of the client environment, so they can provide the best possible support and offer recommendations to reduce and mitigate cyber security and data privacy risks. This process begins with defining the client’s Security Operational Baseline, a benchmark that can be used to track improvements over time. Once this is established, analysts can fine-tune operations and the alerting process.

They also play a pivotal role in the continuous monitoring and analysis of security threats. This involves correlating and authoring the monthly review pack. This pack comprises a range of different reports that are tailored to the needs of the different stakeholders within the client organisation. Specifically, it contains a board report aimed at senior leaders, which is a succinct summary of the client’s current security status and overview of emerging trends. This is complemented by a more in-depth management report that offers detailed performance metrics and bespoke advice to improve resilience.

Another key undertaking is to help organisations customise their security strategies so they align with their business objectives and operations. Here, the Focal Analyst will create and maintain specific playbooks of all the technology and associated processes deployed within the organisation, as well as their incident response plans. These can be leveraged and refined to drive automation and consistency.

A true extension of a client’s operations

At Norm, it’s not just the Focal Analysts’ roles and responsibilities that set them apart, it’s also how they work in close collaboration with their clients’ IT and security teams.

Focal Analysts seamlessly integrate with a client’s business, arranging regular meetings to review and discuss cyber security events, risks and strategies.

These meetings are tailored to individual needs but typically include reviewing previous minutes, discussing vulnerabilities and emerging threats, analysing alerts and incidents, assessing the likely impact of new projects and initiatives, as well as reviewing the ongoing effectiveness of employee cyber safety training. The end game is to improve the long-term Cyber Resilience Score of the client and help them ratify new technologies and processes that drive commercial advantage.

Outside of these meetings, Focal Analysts are responsible for ensuring clients always have complete visibility of threats, reviewing and customising playbooks and incident response plans, and for assessing the results of penetration tests. They also leverage intel from Norm’s internal Threat Intelligence Team to provide timely notifications about Zero-Day vulnerabilities and the most critical detections being exploited in the wild. Due to their extensive knowledge of the client’s environment, these notifications also contain a list of potentially affected assets, whenever possible, to assist in the remediation of such vulnerabilities.

Focal Analysts in practice

Understanding a client’s environment is crucial for effective cyber security. Focal Analysts use various methods to gain and maintain this understanding, including reviewing incident response plans, analysing penetration test results, and staying updated on infrastructure changes. This deep understanding means they can provide targeted recommendations and improve overall security outcomes.

As the Head of Group IT Security & Compliance of Flamingo Group International, the world’s largest grower of cut roses, explains, “Our Focal Analyst has invested a great deal of time into understanding our different business units’ IT environments, as well as their processes and procedures. This means that – as well as being on-hand to answer any questions we might have – he often comes to us with proactive advice about how we can bolster our strategy. This could be instructions on which patches to apply, which tools to assess, or how to refine our processes. Because Norm understands how we work, its guidance is always practical and valuable.”

Conclusion

Focal Analysts offer much more than traditional account managers who typically come from a sales background; they aren’t motivated by upselling and have far deeper technical experience. What’s more, by prioritising customers rather than individual technologies or tasks, they adopt a holistic approach to risk reduction, offering realistic, relevant, and actionable recommendations. This customer-centric approach provides clients with added confidence that their operations are capable of withstanding attacks.


Written by Daniel Komenda

Daniel Komenda is the Focal Analyst Lead at NormCyber. His team of dedicated, trusted security advisors specialises in comprehensive analysis of IT environments and effectively increasing their cyber resilience.