Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Constructive Complaints: 5 Ways to Transform Problems Into Plans

Working in infosec has its challenges, and it's easy enough to complain about them. But that won't solve anything.

Joshua Goldfarb, Global Solutions Architect — Security

September 13, 2021

4 Min Read
People tangling and untangling a problem
StockVector via Adobe Stock

For many information security professionals, work can feel like they are constantly fighting an uphill battle. Perhaps that is due to the relative immaturity of our profession, a lack of adequate tools and process, the difficulty in finding talented and trained individuals, and/or challenges that arise when working with business teams.

Whatever the reasons behind the prolonged periods of fire fighting, swimming against the current, and working long hours, many security professionals experience burn out, low morale, and an ever-lengthening list of gripes.

Complaining may help identify areas for improvement, but it is not particularly helpful unaccompanied by specific solutions, plans, or novel ideas. In this spirit, I offer five ways in which security professionals can improve their working lives.

1. Be specific: Scope and define the issue or challenge so that it can be addressed. Stating, “The alert-tuning process is painfully slow” does not help. Statements with specific information, such as, “Visibility challenges in 20% of the enterprise, limitations on the granularity of the alerts we can write, and the inability to query over multiple days of data for analysis and tuning purposes makes the alert tuning process slower than it need be” are far more helpful. The second statement sets goals and priorities that can be addressed in the coming months to try and improve the situation

2. Offer solutions: Even better than being specific is being specific and also offering solutions. Follow up the helpful statement in the previous example with solutions, such as, “Investing in the six-month plan to improve visibility (with a link to the plan), swapping out our analytical engine with one that allows more granular queries (with a link to the analysis and a comparison of different options), and adding additional processing power to our data warehouse (with a link to a cost analysis) will help us address these issues.” That not only gives the ability to set goals and priorities, it allows management to see the potential costs and understand the potential impacts of different options. That often spurs a sincere discussion on the challenge or issue at hand, rather than eliciting a response like, “Yes, let’s discuss that at some point - set up a time on my calendar.

3. Think strategically: Seeing the bigger picture can transform the way infosec pros approach a challenge or issue. Certain tactical or operational problems can be solved as part of other strategic adjustments. For example, say we are concerned about the volume of alerts we have in our alert queue each day and how it degrades our ability to detect and respond to legitimate security risks to the enterprise. If there is a strategic effort underway to improve, tune, and tighten alerting logic in order to reduce the number of false positives, that may very well solve the alert volume issues. In other words, a strategic initiative will take care of our tactical challenge

4. Think about impact: Think about the real day-to-day impact of whatever is troubling you. Something that may seem incredibly frustrating and challenging up close may actually turn out to be less of an issue after taking a step back. Perhaps what is bothering you does not have as much of an impact on your day-to-day success as you might initially think it does

5. Pick your crisis: Think long and hard about the crisis you are about to escalate and the battle you are about to pick. Is it really a crisis? Is it a battle worth fighting? Sometimes I think back on things that I once saw as a crisis when I was younger. At the time, I couldn’t understand why my management wasn’t doing anything about it. Now, I see younger employees acting the same way I used to, only I now have the benefit of experience and can see that it isn’t as much of a crisis as they think it is. I can now understand why my management responded the way they did at the time.

Security, like any profession, has its share of challenges and issues. In many cases, those problems impact the effectiveness of the security organization and should be addressed. When looking for assistance, it pays to pick your battles wisely, communicate details, and come prepared with plans and potential solutions.

About the Author(s)

Joshua Goldfarb

Global Solutions Architect — Security, F5

Josh Goldfarb is currently Global Solutions Architect — Security at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights