Constructive Complaints: 5 Ways to Transform Problems Into Plans

Working in infosec has its challenges, and it's easy enough to complain about them. But that won't solve anything.

For many information security professionals, work can feel like a constant uphill battle. Perhaps that is due to the relative immaturity of our profession, a lack of adequate tools and processes, the difficulty in finding talented and trained individuals, and/or challenges that arise when working with business teams.

Whatever the reasons behind the prolonged periods of firefighting, swimming against the current, and working long hours, many security professionals experience burnout, low morale, and an ever-lengthening list of gripes.

Complaining may help identify areas for improvement, but it is not particularly helpful unaccompanied by specific solutions, plans, or novel ideas. In this spirit, I offer five ways in which security professionals can improve their working lives.

1. Be specific: Scope and define the issue or challenge so that it can be addressed. Stating, “The alert-tuning process is painfully slow” does not help. Statements with specific information, such as, “Visibility challenges in 20% of the enterprise, limitations on the granularity of the alerts we can write, and the inability to query over multiple days of data for analysis and tuning purposes make the alert-tuning process slower than it need be” are far more helpful. The second statement sets goals and priorities that can be addressed in the coming months to try to improve the situation.

2. Offer solutions: Even better than being specific is being specific and also offering solutions. Follow up the helpful statement in the previous example with solutions, such as, “Investing in the six-month plan to improve visibility (with a link to the plan), swapping out our analytical engine with one that allows more granular queries (with a link to the analysis and a comparison of different options), and adding additional processing power to our data warehouse (with a link to a cost analysis) will help us address these issues.” That not only gives management the ability to set goals and priorities, it also allows them to see the potential costs and understand the potential impacts of different options. That often spurs a sincere discussion on the challenge or issue at hand, rather than eliciting a response like, “Yes, let’s discuss that at some point - set up a time on my calendar.”

3. Think strategically: Seeing the bigger picture can transform the way infosec pros approach a challenge or issue. Certain tactical or operational problems can be solved as part of other strategic adjustments. For example, say we are concerned about the volume of alerts we have in our alert queue each day and how it degrades our ability to detect and respond to legitimate security risks to the enterprise. If there is a strategic effort underway to improve, tune, and tighten alerting logic in order to reduce the number of false positives, that may very well solve the alert volume issues. In other words, a strategic initiative will take care of our tactical challenge.

4. Think about impact: Think about the real day-to-day impact of whatever is troubling you. Something that may seem incredibly frustrating and challenging up close may actually turn out to be less of an issue after taking a step back. Perhaps what is bothering you does not have as much of an impact on your day-to-day success as you might initially think it does.

5. Pick your crisis: Think long and hard about the crisis you are about to escalate and the battle you are about to pick. Is it really a crisis? Is it a battle worth fighting? Sometimes I think back on things that I once saw as a crisis when I was younger. At the time, I couldn’t understand why my management wasn’t doing anything about it. Now, I see younger employees acting the same way I used to, only I now have the benefit of experience and can see that it isn’t as much of a crisis as they think it is. I can now understand why my management responded the way they did at the time.

Security, like any profession, has its share of challenges and issues. In many cases, those problems impact the effectiveness of the security organization and should be addressed. When looking for assistance, it pays to pick your battles wisely, communicate details, and come prepared with plans and potential solutions.