Building cross-functional security teams
For years, the norm has been to create separate security teams: the incident response team, the security operations centre, the red team or penetration testers who follow the entire hacker lifecycle across a network, and the blue team who manage security analytics, among others.
"Many of these teams have worked separately, and in isolation from IT teams, such as help-desk, network administrators and cloud teams," says James Stanger, chief technology evangelist at CompTIA.
According to Stanger, we are today seeing evidence that these isolated teams are increasingly working together.
"Communication is vital. Therefore, a cross-functional cyber security team might include individuals from the help-desk and penetration testers, or security analysts and network administrators. We're also seeing non-technical individuals being included, such as company executives and sales managers. It is vital to include all relevant individuals."
Stanger says there are many benefits to having cross-functional cyber security teams. "Threat actors are highly skilled at finding what I call 'interstices' inside of today's companies. These interstices are places that are difficult to secure [because it's] where one technology connects with another."
This could include the space where a Web server connects with a Web browser, or where a Web server connects with a database. "The most dangerous interstice is where an end-user - you and me - connects with a piece of technology. Social engineering is a very difficult category of attack to resolve."
Today's cross-functional cyber security teams can help resolve these issues. "But it'll work only if individuals with various responsibilities and skills work together," urges Stanger.
Isolating teams and thinking these teams can handle security by themselves is a mistake. "The worst thing that can happen is if people start thinking and acting as if security is someone else's problem."
Cross-functional cyber security teams benefit from a combination of diverse skills complementing each other: soft skills, such as emotional intelligence and complex reasoning; an understanding of the hacker lifecycle; and the ability to understand not only the technical issues in a network, but also the business needs of an organisation.
Stanger will present a hands-on approach to orchestrating cross-functional cyber security teams, at ITWeb Security Summit 2019, to be held from 27 to 31 May, at the Sandton Convention Centre.
Delegates attending his talk will learn how to map the steps of the hacker lifecycle to the signatures, traces and evidence each step leaves behind, in the sense of Locard's Exchange Principle (every contact leaves a trace).
"They will also gain an understanding of the proper relationship between the red team and the blue team, and will learn the importance of moving from the 'defender's dilemma' to the 'hacker's dilemma' when planning defence strategies."