What Are Your Cyber Team Dynamics?

We have a major shortage of qualified cybersecurity professionals. This is not a new realization and it is one on which the community generally agrees. What isn’t talked about as much – but should be – is a cyber team’s dynamics and its impact on performance.

Cyber defense is a team sport, akin to basketball. As it is with basketball, you need to have the right mix of players, teamwork and a solid set of offensive and defensive plays to rely on and adopt when the opponent takes control of the court. You don’t want five Michael Jordans, five centers, or five point guards. You need the right composition of team skills, work roles and integrated team performance. Your elite cyber defense team needs to actively communicate, pass the bits of evidence around, develop the big picture strategy and be able to adjust to different adversaries.

I have trained and assessed some of the best corporate and military cyber defense teams in the nation. Inevitably, they come to me as a group of very well trained individuals, who generally are quite well versed in one tool but don’t understand, or even realize, that there is another teammate next to them. I like to think of them as soda straws. When I initially meet these teams, I work to find out who are multi-taskers, who are detail-oriented, who are tenacious and who think ‘outside-the-box.’ I sort each individual into their technical cyber personality and begin working to help them reach their full potential.

When I first started assessing cyber teams, I participated in large-scale cyber exercises with over 25 teams, marveling at the uniqueness of each one. They were different sizes, used different tools, were organized in different forms and, as you can imagine, performed very differently. Obsessed with trying to understand what the best team structure was and whether certain tools drove their exemplary performance, I asked them how they performed so effectively and fluidly – ‘what makes you a top team?’ I soon realized that, as with all complicated problems, there was no obvious answer, but there certainly were trends and lessons learned that I was able to take away from the experience.

A high performing, elite cyber defense team needs to have representation across the technical personalities I described above. They need ‘multi-taskers’ who can visualize the network and manage the various sensors and tools to aggregate the logs from the firewalls, Active Directory, Network Security Monitoring systems and host-event data. ‘Multi-taskers’ brains are wired specifically for this.

A high performing team also needs the detail-oriented ‘perfectionist’ who can pore through and understand the router configurations, firewall rules and policy settings across all devices. The ‘perfectionist’ validates that the enterprise is configured as advertised. Due to the ubiquitous hacking attempts and breaches we see today, a high performing team must also employ tenacious, ‘out-of-the-box’ cyber hunters. These personality types can sense that somehow the adversary is on the network; they just need to find them. They know that skilled adversaries can bypass defenses and hide patiently in all kinds of unusual places.

And last but certainly not least, a high performing team must have personnel who can put it all together. This person can sense the importance of one artifact and lead the team to finding more evidence of the intrusion kill chain. With these four personalities, the team has leadership skills, technical depth in one or more cyber arenas, and a deep understanding of the use of cyber threat intelligence data – making it a winner, like the 1996 Chicago Bulls!

In this world of daily cyber-attacks costing billions and wreaking havoc in our corporate boardrooms, we need to step back and take stock of what we have. It’s not just more people or more tools, although both can help; it is about connecting the dots, building the strategies, and adapting to the adversary by creating the best team to operate and understand the key business cyber terrain across the enterprise.

To build effective teams, we must bring talented individuals together, pull apart the soda straws and assess their technical personalities, and leverage their strengths to accomplish a common goal and complete missions oriented towards defense.
