Cybersecurity

3 Necessary Skills for Security Teams to Tackle Today’s Threats

Robert WoodBy Updated:4 Mins Read
Skills for Security Teams
Acceleration Economy Cybersecurity

Technology and, by extension, the cybersecurity field, evolve rapidly. There is a lot of material published around the evolving threat landscape, everything from data breach reports to deep-dive analyses on the latest advanced persistent threat (APT) group. Technology continues to change, but so have the skill sets needed to thrive in this industry. Let’s explore three different skill sets that I believe teams need to invest in to succeed today and into the future.

1. Data Skills

Data is driving more and more across almost every industry, cybersecurity included. I believe the SIEM-based approach of the past, primarily geared toward serving the SOC, will continue to serve us in the future.

Investing in skills around extracting value from data will be key for this future state. This is inclusive of, but not limited to, data engineering, data science, and analytics/BI skills. All of these disciplines orient around collecting, preparing, organizing, and analyzing data to get the most value out of it.

I believe that data work will span into just about everything we do in our discipline in a nontrivial way; from the way we do compliance to threat hunting to supply chain risk management. Preparing your team to be familiar with forward-thinking data skills will help ensure you’re extracting the maximum value from the data you’re collecting or creating.

2. Engineering Skills

Building, deploying, and operating scalable and reliable systems that have programmatic interfaces is becoming important in more and more fields. I do not believe that security is any different. Engineering is relevant and helpful in two main areas for security teams:

  1. Building application services that serve the security team or stakeholders of the security team
  2. Engaging with engineering teams to help make their code and systems more secure (this is often referred to broadly as application security)

Doing anything with systems without the right skill set can result in a significant accumulation of technical debt. Technical debt is often a drag on productivity and effectiveness. It can also represent a significant risk in itself.

3. Red Team Thinking

When I refer to red teaming here, I’m not talking about security testing, phishing, or exploit development. Red teaming is highly conflated with penetration testing across our industry, understandably. Red team thinking, to me, is about true critical thinking; approaching a problem, a system, or a situation from a contrarian perspective.

Security leaders cannot just run a change playbook or take the latest marketing strategies and make things come together in their respective organizations. There are people dynamics, technology dynamics, policies and compliance needs, and, not to mention, adversaries who always get a vote.

I believe that it’s critical to always be challenging the assumptions of yesterday and today to prepare effectively for tomorrow. Assumptions are constantly being made about how to solve a particular problem. It’s dangerous when teams are not willing or capable of revisiting assumptions. It’s dangerous when teams are not willing or capable of rethinking solutions that were implemented in the past but seem to struggle today.

A good example of this, in my experience, has been data loss prevention programs — starting with good intentions, perhaps a well-crafted scope. DLP programs are notorious for not having a return on investment that make them worthwhile; they’re riddled with false positives, they’re expensive, they’re prone to break legitimate capabilities, and more. Revisiting assumptions can and should happen at tactical and strategic levels. It’s a muscle snag that should be flexed and built over time.

Concluding Thoughts

The cybersecurity field continues to evolve quickly. Teams and individuals need to invest in skills that will help them future-proof. Being able to make effective use of data, building applications to solve problems and building them well, and thinking outside the box are all foundational skill areas. As situations continue to change or new problems present themselves, I believe these skill domains will be key to success, especially when taken alongside a general security background and mindset.

Want more cybersecurity insights? Visit the Cybersecurity channel:

Acceleration Economy Cybersecurity

Share.

Robert Wood is an Acceleration Economy Analyst focusing on Cybersecurity. He has led the development of multiple cybersecurity programs from the ground up at startups across the healthcare, cyber security, and digital marketing industries. Between experience with startups and application security consulting he has both leadership and hands on experience across technical domains such as the cloud, containers, DevSecOps, quantitative risk assessments, and more. Robert has a deep interest in the soft skills side of cybersecurity leadership, workforce development, communication and budget and strategy alignment. He is currently a Federal Civilian for an Executive Branch Agency and his views are his own, not representing that of the U.S. Government or any agency.

Related Posts

Add A Comment

Comments are closed.