Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Flash Poll: Critical Skills Gap In Threat Intelligence
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/23/2014 | 7:40:43 AM
Re: The Team Rules -- jack of all trades
@RobertMcDougal 

You make a great point about specialization. And I suspect your experience -- wearing many security hats-- is fairly typical.  As InfoSec continues to mature and evolve along with the threat landscape, there would definitely seem to be a need for a core group of specialists within the SOC. especially in larger companies. Is anyone aware of that type of organizational structure now?
Robert McDougal
100%
0%
Robert McDougal,
User Rank: Ninja
6/22/2014 | 9:39:17 AM
Re: The Team Rules
To add to your point, in my experience organizations attempt to cover all areas of security with as few people as possible.  This practice forces the security professionals in those enterprises to become a jack of all trades and master of none.  

We need to do a better job of educating management of the value of security specialization.  Unlike, other areas of IT such as system administratrion or network management you cannot get away with only hiring generalists.  
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/20/2014 | 7:35:03 PM
The Team Rules
Is it possible this partially reflects the habit of some companies to keep dropping hats on the same tech with the idea of saving money?  I would argue, especially in enterprise-scale organizations, that security is a team op, and that you couldn't expect one or two people to fill every role, from forensics examiner to systems and network auditor, or to be a perimeter protection analyst, incident handler and intrusion analyst all in one, or even jump from pen tester to reverse engineer, and then secure software programmer/auditor.  A solid security team should break the load up, with each member specializing, though able to switch hats at any given moment. 

To the point of keeping up, every security manager should be daily, if not hourly, reading sites like Dark Reading and Packet Storm, or Infosecurity and keeping tabs on exploit and malware databases, looking for trends, new tech and risks, and assigning one of the team to attack critical topics in order to learn, master and defend against them.  All this requires bodies, smart and enthusiastic ones, and the willingness to do the time, the curiosity to read on beyond the news and exploit titles, and the hacker drive to see a solution through, or to beat the opponent at their own game.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
6/20/2014 | 5:25:24 PM
Its up to us to fill in the gaps
It also needs to be in the priority of the Information Security professional to fill the gaps within their organization. For example, the forensics being the most lacking was true for my organization as well. However, my coworker and I sought to put this into our security initatives. He having a degree in forensics and myself having done masters work in forensics saw it necessary to develop a process which we documented and have the proper tools and protocols in place to have a successful forensics procedure. As security professionals we need to be enthiusiastic and proactive when it comes to filling in the gaps we perceive our organizations to have.
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 3:53:49 PM
Re: Critical Skills Gap
I personally believe that self study is the majority of what employees get in the realm of training. Much cheaper and the class size is smaller.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/20/2014 | 3:03:02 PM
Re: Critical Skills Gap
It truly is. It's a job in and of itself just to stay current. Curious to know how much of this is self-directed and how much support you get from your company?
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 2:46:36 PM
Critical Skills Gap
Informative. As I have said before this shows why it is quite an task to be at a functional level in all of these disciplines.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
'Unkillable' Android Malware App Continues to Infect Devices Worldwide
Jai Vijayan, Contributing Writer,  4/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18375
PUBLISHED: 2020-04-10
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
CVE-2019-18376
PUBLISHED: 2020-04-10
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
CVE-2019-7305
PUBLISHED: 2020-04-10
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information di...
CVE-2020-8832
PUBLISHED: 2020-04-10
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacke...
CVE-2020-1633
PUBLISHED: 2020-04-09
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, lea...