After more than ten years in cyber security, starting from fixing computers at a local pizza joint to leading a Security Operations Center (SOC) for a multibillion-dollar enterprise, I’ve picked up some invaluable lessons. Here are ten key takeaways from my journey:
- Cyber is All About Risk
Cyber security is primarily about managing risk. Businesses prioritize ideas based on their potential for profit versus the risk of loss. Cyber security, unfortunately, falls into the “money pit” category. It’s crucial to communicate to finance teams how investing in cyber security is not just an expense but a necessary measure for protecting the company’s money-making capabilities. - No One Cares About Your Stats
Metrics and stats might seem crucial, but they don’t matter unless they translate into financial impact. Learn to convert your security metrics into cost savings or risk mitigations that resonate with the financial perspective of your stakeholders. - Understand the Knowledge Gap
Cyber security is vast and no one knows it all. Recognize that colleagues may not have the same expertise in every area as you do, and be patient in explaining your processes and findings. Mutual understanding fosters better teamwork. - Avoid Overloading with Playbooks
While playbooks are useful, having too many, or excessively specific ones, can be counterproductive. Focus on creating adaptable playbooks that address common threats without bogging down the team with overly complex procedures. - Stay Ahead of the News
Keep yourself informed about major security threats reported in mainstream news before your boss does. Being proactive ensures you can provide informed answers and prevent unnecessary panic or misinformed actions. - Conferences Aren’t Always the Answer
While conferences like Blackhat can introduce emerging threats, they often don’t apply to every organization. Focus on addressing the threats pertinent to your specific environment rather than chasing every new vulnerability. - Know Your Sensor Locations
Understanding where your security sensors are deployed and what data they provide is crucial. Effective investigations depend on knowing which logs to check and where to find them. - Refine Your Threat Intelligence
Real threat intelligence goes beyond looking up IPs and hashes. It involves understanding critical assets, associated vulnerabilities, and how attackers operate. Use this knowledge to predict and defend against potential threats effectively. - Write Clearly to Avoid Misunderstanding
When drafting reports, aim for clarity. Avoid jargon and ensure your writing is accessible to all readers, including those with less technical expertise. The goal is to communicate effectively, not just to those who are familiar with the subject. - Collaborate with Marketing
Don’t underestimate the value of marketing and design. A well-crafted visual can convey complex security issues more effectively than a lengthy report. Engage with marketing professionals to help translate technical details into impactful visuals that can aid in securing support from leadership.
Conclusion
My journey through cyber security has been a rollercoaster of learning and growth. I hope these lessons help you navigate your own path in this challenging and rewarding field.
Credits Reddit Post: https://www.reddit.com/r/cybersecurity/comments/p9fo4d/my_thoughts_on_a_decade_of_cyber_security_10/