
Being Flexible Can Improve Your Security Posture

Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.

Joshua Goldfarb, Global Solutions Architect — Security

September 11, 2023


Recently, I was working on a specific task. About an hour into the task, I realized that it was taking way too long, and that I was likely doing far too much manual labor. It seemed to me that there had to be a better way. Surely I could find an automated way of accomplishing this task. Not only would that be a far more efficient use of my time, but it would also eliminate significant potential for human error.

Perhaps some of you have experienced moments like this as well. I hope you have. Why do I say that? Because I believe that experiencing moments like this is a great thing. Unfortunately, far too many people plod along with their initial approach, regardless of whether it looks like that approach will yield the desired results efficiently and effectively.

Those people who are alert, self-aware, and flexible enough to reconsider their approach from time to time are the lucky ones, in my opinion. If you read my articles regularly, it probably won't surprise you that I believe there is an important security lesson we can learn from this. Let's examine six areas in which being flexible, rather than stubborn, can help us improve our security postures.

1. Cloud Security

With the introduction of hybrid and multicloud environments, the complexity of enterprise environments has continued to increase. This has resulted in most enterprises managing and maintaining multiple technology and security stacks across a variety of different environments. In some cases, entire teams may be devoted to this cause. The enterprises that can take a step back and realize that there has to be a better way will be far better off in the long run. Complexity is the enemy of security, and simplifying the management and maintenance of hybrid and multicloud environments is an important step in improving the state of security.

2. Security Monitoring

The importance of continuous security monitoring is widely recognized. Yet it is often something that needs significant additional focus and investment within most enterprises. More often than not, large volumes of false positives and noise drown out the important true positives — the events that need to be reviewed and addressed. Despite this, many enterprises continue to use the same strategies and approaches that drowned them in noise. It takes a bold and visionary security team to shake things up in order to drastically improve that signal-to-noise ratio.

3. Policies

It is remarkable to me how many unhelpful, nonsensical, and/or draconian policies exist in our profession. If you've ever asked why a given policy exists, in many cases the answer will be something like, "Because that is the way we have always done things." Obviously, this is not a good reason for insisting on a given policy. It takes a strong security team to realize that there is a better way and to actively seek to clean out or improve poor policies.

4. Processes

In most enterprises, the security team is quite busy. In fact, there is usually more work that needs to be done than there are people, time, and money to do it. Thus, prioritization and optimization become the name of the game. Yet many security programs spend significant amounts of time on processes that are inefficient and/or ineffective. To identify those processes, analyze them, and then either remove or replace them does require an investment in time and energy. This investment is well worth it, however, as this flexibility pays tremendous dividends in the form of an improved security program.

5. Technology

Technology and products are an important component of any security program. Yet some are better suited to the goals and priorities of a security team than others. Nonetheless, many security programs leverage technology and products that fight them rather than help them. This is unfortunate yet not irreversible. At any point, the security team can zoom out, identify which technology and products are not meeting their needs, and work to address those gaps.

6. People

People are perhaps the most important piece in any security puzzle. At the same time, they are also the piece that carries the most emotion. This emotion sometimes clouds decision-making. When people aren't properly trained or when their time and skills are not being maximized, it can be tremendously demoralizing for those security professionals. This also has a detrimental effect on the security posture of the enterprise. In spite of this, many security programs have their precious human resources engage in activities that aren't adding a lot of value and aren't maximizing those team members' potential. With a little forward-thinking flexibility, this issue can be remedied, thus improving the overall security posture of the enterprise.

Stay Flexible

Being flexible is perhaps one of the hardest things we as humans can be. Why is this? It could be because, distilled to its essence, being flexible means realizing that we might be wrong and that there might be a better way. Regardless of the why, being flexible has the potential to vastly improve our security programs. It also has the side benefit of making us better people.

About the Author(s)

Joshua Goldfarb

Global Solutions Architect — Security, F5

Josh Goldfarb is currently Global Solutions Architect — Security at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.
