Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

6/12/2019
02:00 PM
Chris Schueler
Chris Schueler
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

A number of converging factors are changing enterprise cybersecurity, and as a result, we must change the way we approach it.

First, cybercriminals are becoming much better at penetrating organizations using nontechnical means. With social engineering and phishing techniques, they can bypass organizations' increasingly advanced defenses by manipulating insiders to gain access. Research shows that phishing and social engineering were the most common methods of compromise in 2018, serving as the conduit to the initial point of entry in more than 60% of security breaches in both cloud and point-of-sale environments, as well as in 46% of corporate and internal network breaches.

Second, the volume of data in organizations is growing exponentially and is increasingly stored in a more decentralized manner, making it difficult to ensure it's being optimally protected. Research firm IDC predicts the volume of data worldwide will grow tenfold by 2025 to 163 zettabytes, with the majority being created and managed by enterprises. This growth is being driven by the proliferation of artificial intelligence, the Internet of Things, and other machine-to-machine technologies in enterprises across all industries. This increase in new technologies means a larger attack surface, new attack vectors, and more points of vulnerability for organizations to secure.

Amid these challenges, organizations are also facing a global shortage of skilled cybersecurity talent able to address the rapidly evolving threat landscape and manage the myriad of security technologies employed by their organization. The recent (ISC)² Cybersecurity Workforce Study revealed a worker shortage of nearly 3 million for cybersecurity positions around the globe. In the US, it takes organizations an average of three to six months to fill an open security position — leaving businesses and their valuable data vulnerable to increasingly sophisticated threats. 

Nontraditional Skill Sets Could Be the Answer
To address these challenges, organizations must cast a wider net and be open to looking beyond the typical cybersecurity persona to recruit individuals from nontraditional disciplines and backgrounds. One of the biggest faults in our industry is that for far too long we've looked for only a certain, specific type of person to serve as cybersecurity professionals. By doing so, we find ourselves in this workforce shortage and risk developing a groupthink mentality as an industry. Instead, we must look to recruit, mentor, and advance the sharpest minds and individuals who bring a different approach, regardless of their educational background or previous professional experience.

For example, the skill sets we need to hire for are not necessarily technical. Instead, they are characteristics such as curiosity, tenacity, an aptitude for spotting patterns others miss, or an ability to put oneself in the mind of a nefarious person and anticipate what they will do next. Bringing together a collaborative group of people with a wide variety of skills, experience, and education will remain essential for keeping pace with the criminal mind. Some of the nontraditional disciplines that make for excellent additions to top-level cybersecurity teams include:  

  • Data scientists: The growth of enterprise data has made data scientists more important than ever. These individuals are familiar with using machine learning to parse through vast volumes of data to look for usual patterns or anomalies that may indicate a breach.
  • Statisticians: Cybersecurity is not a problem to be solved but a risk to be managed and mitigated. It's no longer a matter of if an attack will occur, but when, and how will we manage it. Statisticians and mathematicians excel at gauging organizational risk tolerance and determining incident probabilities, and their calculations are an increasingly important part of broader enterprise risk management strategies.   
  • Investigators, law enforcement, and military: People with a background in law enforcement, military service, or other types of investigators are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles, and establish modus operandi. They are able to participate in Dark Web communities, conduct reconnaissance investigations, and accurately predict what the enemy will do next.  
  • Liberal arts: Any number of different liberal arts fields can bring value to a cybersecurity team. From communications to psychology, philosophy to sociology, these fields help us understand the human side of the equation, and individuals with a background in the liberal arts naturally leverage creative and abstract thinking to match the minds of black hats.

The Future of Cyber Teams
To contend with adversaries who are becoming more abstract in their attack planning and execution, security teams must blend traditional disciplines (computer science, network engineering, coding, etc.) with nontraditional skills. Some of the most important qualities in the future cybersecurity analyst are critical soft skills — such as curiosity and an ability to handle stress and chaos.

Moreover, diversity on your team is key. Not every individual on your team may think alike, but they're all working toward a shared goal: to protect critical data and organizations that house that data — and that's invaluable. To put up a true fight against adversaries, organizations can't just rely on diverse and cutting-edge technologies. Organizations will need to also put their faith in people with diverse expertise and backgrounds with a common goal and team mindset to survive in this next generation of cyber threats.

Related Content:

Chris Schueler is Chief Executive Officer at Simeio Solutions where he drives the overall vision and strategy. He is a proven leader with extensive experience in go-to-market operations and product development in the managed security services space.  He joined Simeio ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
6/19/2019 | 10:32:25 AM
Variety of skill
When I joined the Malware forensics team, 1'st stint, in 2016, I was one of the few who had built a server from ground up and knew the fiction of a single svchost.exe event.  So skills of a variety are an incredible asset.  Psychology too as some users just want to click on an infected attachment JUST TO SEE what the thing actually does.  Curiosity killed the cat or the network.  
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29070
PUBLISHED: 2020-11-25
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-26212
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...
CVE-2020-26243
PUBLISHED: 2020-11-25
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded...
CVE-2020-25650
PUBLISHED: 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service fo...
CVE-2020-29071
PUBLISHED: 2020-11-25
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving se...