Measurable and repeatable processes that can be automated. We focus on building or enhancing these core:

Vulnerability Management Process: Consistently identifying and triaging vulnerabilities and patches across installed platforms and frameworks (by tracking vendor CVE announcements) and communicating findings to technology owners. Running regularly scheduled vulnerability scans, penetration tests and red team exercises

SIEM Management Process: Continually monitoring, developing and refining use cases and associated playbooks

Threat Detection Process: Continually monitoring network and host defenses and establishing a consistent threat hunting methodology

Assessment Strategy Processes: Determining and continually refining the scope of both penetration testing and red team exercises, timing and duration that match associated business risks

Threat Intelligence Process: Consistently gathering and analyzing threat intelligence across open source and paid feeds and sources

Process to Manage Firewall Rules: Consistently apply new firewall rules that comply with the firewall policy while aging out rules as appropriate and dictated by policy

Policy Exception Process: Managing and tracking exception handling to ensure exceptions are documented and handled in a consistent manner

Secure M&A Process: Ensure corporate process includes security due diligence, merging technologies and systems, and educating parties on the cyber risks

Metrics Collection Process: Consistently gather and evaluate security metrics that provide key indicators of the effectiveness and maturity of the security program