Turning Isolation and Silos into Collaboration

I am a firm believer that the most common perception of the Cyber Security industry is that those who work in it are both isolated and introverted while showing no signs of ineptitude.

While being both a compliment and an insult, it is still a common perception that I’ve come across from my time in the industry. I’ve picked it up in passing conversation, direct words, forums, social media, Uni students, nights out and so on – it’s well rounded so a good range to base it on. From this, you will most likely notice that your security team is siloed to some extent within your organisation.

Anyway, I do kind of agree with what people say. However, to put it bluntly, stop the isolation and silos and turn them into productivity and something useful. Don’t be “caged”; spread your wings and fly free of the perception. Get yourself out there and network, both personally and professionally. This industry is not all about “what you know” but a lot of “who you know”. You’ll come across that in more ways than one, but especially in Cyber.

Working together as a community or team supports success in many areas. After all, there’s no I in team! In Cyber, should you ever face a security breach, working as a whole rather than as individuals typically leads to a better overall recovery and gets you back up and running. More eyes and brains and all that. So moral of the story? Don’t work alone and don’t bottleneck communications.

“We don’t heal in isolation, but in community”

In addition, I think it is paramount that we, as Cyber Security employees, do not become siloed nor hinder communications in any way. Why? Well, it’s simple. If you’re in security you will most likely be the all-seeing eyes looking over the client or organisation, so you want to ensure everything is running smoothly, right? So why not go one step further and communicate with the wider audience? Promote your department and what you do, why you do it and the benefit it has to them. Emphasize your passion, because this industry has a lot of hard work put into it. In doing so you will remove a “barrier” and subsequently create a confident space as such – people will start to feel less berated and more open to sharing thoughts and reporting events. A good way is to just strike up a random conversation when you go into the kitchen or canteen at work.

“It’s a need to know basis – and you don’t need to know”

Hindering communications to any extent is not good for the business or the department that you operate in. As mentioned above, you want to have an open door approach to Cyber, as you need to know as much as you can from your employees because, after all, they’re the targets! You want them to report that phishing email, that dodgy phone call or request, and anything else they might have stumbled across, such as an interesting story they saw online. Another approach is to be interpersonal with other departments. Work with other departments that you wouldn’t typically associate Cyber Security with. Raise awareness, find out how they operate and see if you can offer any suggestions from an educational standpoint, look to build on processes, deliver sessions and ultimately build a positive relationship. You want to know what’s going on so you’re not left in the dark either. There’s only so much you can do to be proactive, but why not get information from the front line?

Personally, a favourite interdepartmental collaboration is to work with Marketing, or people along those lines. Those guys that publish newsletters, blogs, do the graphics for the company websites, weekly and monthly updates to clients and so on. I find that working with them you can really utilise your position and pivot well. I mean who else is better to promote? They’re already sending messages to clients/customers, your internal organisation, social media etc. so why not jump on the bandwagon and get some Cyber ideas included so it can be pushed out? Best practices, stay safe online, how to do xyz and so on. This boosts you in your position, benefits the business by offering more and potentially generating more business, adds more content to publish – you get the idea.

Within organisations there is often a missing link when it comes to security. It really goes from one side to the other, whereby you have a middle-man or you don’t. Both can be problematic. So, from the perspective of a Cyber Security employee wanting to get the word out, why not create that bridge? Remove the middle man while bridging the gap at the same time. In doing so you will aid collaboration. You could even go a level higher and suggest having Security Champions. These are people who are in place within departments to aid the overall security posture of an organisation. They act as a liaison between the security team and other employees, but typically from a department standpoint. This person usually has good knowledge of the topic and can convey facts and terminology to others. Although it may seem that these people take away the function I’ve been promoting, they don’t – they are an addition and good practice. There’s nothing to stop you speaking with individuals and both providing and receiving information – the Security Champion is just a figure within a department.

On the note of being siloed, it can be a tricky perception, because from a SOC standpoint you are typically in a security-controlled room, which is why I emphasize the outgoing nature or even that Security Champion presence. An open door approach works perfectly over your company IM software or when talking outside the room, but within the room you will inevitably face problems, and there’s no getting round it because the room has to be secure by design.

Following on to processes: like everywhere, it is important to have these. Your staff need to know what the deal is when something arises. It can be as simple as how to triage a ticket, how to respond to a major incident and your part in it all, or even how to spot and report a dodgy-looking email. The scenarios are endless.

Working with other teams can be a positive factor in this situation because you can be in a formidable position to define processes for staff to follow in the event of xyz. Also, any new joiners can sign off that they have read the policy or watched the video. Typically organisations will deliver this via a training video on compliance/security topics or through a policy. An example of delivering a policy and then adhering to it can be “how to deal with phishing”. The bulk of it covers how to spot them, common tactics used by hackers/criminals, how to report the email, what to do and not do, and so on. This feeds into your role and gives you the relevant information to get on with the issue and remediation, as opposed to requiring more information and thus hindering efficacy.

But in your position, why not suggest amendments to your organisation? 3 quick examples:

1. Have a phishing button implemented
This would work by sending the button out via group policy. Your role can define its behaviour, so you can set it to send the email as an attachment to the security team when a user presses it.

Note: Having the original email allows you to get the email headers.

2. Work with the team delivering the training or even deliver it yourself so you can be hands on from a security perspective. Give your thoughts and work closely with them.

3. Implement rules to spot anomalies such as Whaling spoofing – where you can see the name is that of one of your high-ranking employees, typically the CEO, and the header of the email is different. For example, your CEO is called John Smith. His actual email is john.smith@company.com. You set up a rule to spot anything that shows his name but where the email address is different. That kind of thing. Work with your tool on this, as there are different ways of doing it.
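Examples 1 and 3 can be combined, as in the added sketch below (not code from this post or from any particular mail tool): it takes a report that carries the original email as an attachment, reads the original headers and applies the name-versus-address rule. The `VIPS` table, the function names and the `.example` lookalike domain are assumptions made for illustration; in practice the rule would live in your mail gateway or SIEM.

```python
import email
import unicodedata
from email import policy
from email.utils import parseaddr

# Assumption: display name -> the one address that person really sends from.
VIPS = {"john smith": "john.smith@company.com"}
# Constructed sample: a report carrying the original email as an attachment.
SAMPLE_REPORT = """\
From: user@company.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: message/rfc822

From: John Smith <john.smith@c0mpany-payments.example>
Reply-To: accounts@c0mpany-payments.example

Please process today.
--b1--
"""

def norm_name(name):
    """Fold case, accents, commas and spacing before comparing names."""
    s = unicodedata.normalize("NFKD", name).replace(",", " ")
    s = "".join(c for c in s if not unicodedata.combining(c))
    return " ".join(s.lower().split())

def original_message(report):
    """Return the reported email (the message/rfc822 attachment), or None."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def whaling_check(msg):
    """Flag a From header showing a VIP's name with an address that is not theirs."""
    display, addr = parseaddr(str(msg.get("From", "")))
    tokens = set(norm_name(display).split())
    for vip, real in VIPS.items():
        if set(vip.split()) <= tokens and addr.lower() != real:
            reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
            return {"vip": vip, "from_addr": addr.lower(), "reply_to": reply_to}
    return None

def check_report(raw):
    """Parse a raw report, pull out the original email and apply the rule."""
    orig = original_message(email.message_from_string(raw, policy=policy.default))
    return whaling_check(orig) if orig is not None else None
```

Matching on name tokens rather than the exact string means "Smith, John" and "JOHN SMITH" are caught as well; a report that was forwarded inline rather than as an attachment returns `None`, because the original headers are no longer there to check.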

I hope this was informative and poses some thoughts.

All feedback is welcomed and I hope to hear from you. If you have any questions or concerns, please do reach out to me.

Dan.
