SOAR - a first principle idea.

Rick explains the network defender evolution from defense-in-depth in the 1990s, to intrusion kill chains in 2010, to too many security tools and SOAR in 2015, and finally to devsecops somewhere in our future. 

Resources:

• “Cybersecurity First Principles: DevSecOps.” by Rick Howard, CSO Perspectives, The CyberWire, 8 June 2020.
• “FAQ,” RSA Conference, 2020.
• "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” by Eric Hutchins, Michael Cloppert, Rohan Amin, Lockheed Martin Corporation, 2010, last visited 30 April 2020.  
• “Malware? Cyber-crime? Call the ICOPs!” by Jon Oltsik, CSO, Cybersecurity Snippets, 22 June 2015.
• “Market Guide for Security Orchestration, Automation and Response Solutions,” by Gartner, ID G00727304, 21 September 2020. 
• “MITRE ATT&CK,” by Mitre.
• “The Cybersecurity Canon: The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win,” book review by Rick Howard, Palo Alto Networks, 21 October 2016.
• “The Cyber Kill Chain is making us dumber: A Rebuttal,” by Rick Howard, LinkedIn, 29 July 2017.
• “The Evolution of SOAR Platforms,” by Stan Engelbrecht, SecurityWeek, 27 July 2018.
• “What is SOAR (Security Orchestration, Automation, and Response)?” by Kevin Casey, The Enterprisers Project, 30 October 2020.