Technologies such as mobile, social networking, analytics and cloud computing are changing the security landscape, and security technologies are rapidly evolving to address that change.
It’s not just the technology that needs to change, however: security teams need to change as well.
EMC has evolved and must continue to evolve our security team to effectively combat the threats of today and tomorrow. The core skills essential to expand include business engagement and awareness; a consultative approach; the ability to sell or “market” security; and creative control design for the mobile and cloud-enabled world of tomorrow.
Another key group of skills that I recently had the opportunity to discuss at our RSA Global Summit is advanced security and defensive operations.
Over the last few years we’ve developed a state-of-the-art Critical Incident Response Center (CIRC) at EMC. A large factor contributing to our success is the team that built, evolves and operates it. Sustaining the protection the CIRC provides depends on our ability to leverage the model we have used to date.
First, we built a solid foundation. We established a base of skilled practitioners with deep knowledge and years of experience in this area. These proven leaders hold another critical skill as well–the passion to educate and mentor.
To maintain that foundation, we must:
- Provide career paths, advancement and opportunity
- Pay competitively, although money is not enough (though it does help!)
- Create professional development opportunities
- Provide industry visibility through participation in forums and industry organizations
- Facilitate and support true bi-directional information sharing
- Enable innovation
- Address their frustrations and remove roadblocks to support their ability to provide the best defense possible.
We build on that foundation by introducing new talent —energetic, smart, eager-to-learn, self-starting, inquisitive, confident, persistent problem-solvers— into entry-level positions. Using this combination of mentorship and on-the-job training, we shape incoming talent into the practitioners of the future.
So where do we find these people? There are several sources where we have had success.
First, we look to college hires and interns. We find them early, train them, and make them part of the family. We try to keep them engaged by keeping them employed during the school year and then pulling them into entry positions when they graduate.
The other significant source we have is from cross-training IT operations team members. These professionals bring not only technical knowledge and key skills, but information about the IT infrastructure and connections across the IT team who can provide answers and speed actions.
CSOs from smaller organization may ask, “I can’t afford a large, dedicated response team like EMC’s. What can I do?”
Scaling the CIRC function down into smaller teams requires compromise, simplification, automation, and using services for commoditized components. It’s essential to focus on delivering high-value tasks—those that map and tune the protection to the enterprise, such as incident management and response—with internal resources. Tasks that enable you to govern and evolve the level of protection remain inside as well, as do those that ensure that service levels are met. Commodity tasks such as first-level response and malware analysis can be delegated to service providers.
A critical issue to think about in any program is how to scale the response when a large incident occurs. It’s important to have an existing relationship with a provider and an understanding of how you will work together. The last thing you need at a time of crisis is for people to lose focus because they are battling over roles.
One last, essential area to consider is data science—a skill set needed to take full advantage of analytics. Analytics will increasingly be built into security technology, but near-term and for specific scenarios we need access to this scarce and often high-priced skill set. Whether you find this talent in other areas of your business or through external partners and providers, the key to success is to partner your experienced CIRC analysts who understand the threat with this analytics talent. Together they can provide crucial insights into your data and environment.
As you build and evolve your team, keep in mind that the best security technology is only as strong as the team that uses it.