I talk quite a bit about technologies and threats but this can run the risk of ignoring one of the most critical elements – the professionals that we depend on to keep us safe. Less attention is paid to the human function in IT security and I’m not sure why; but it is worth noting that there is a significant evolution taking place here.
I am seeing the emergence and maturation of three roles: the security architect, the data scientist and the security administrator.
The Security Architect
Increasingly, I see the need for a cross-disciplined security architect. You can’t be successful if you think about your architecture in terms of products – you have to think about it as a system – with people, process and technology. So the architect’s goal has to be how the system as a whole is developed and enabled, not just the proper implementation and setup of any given area.
Technology pushes the understanding of the architect. New technologies and capabilities will change or diminish the value of a given product functionality. Certificate pinning highlights the need for different network defensive postures. But the best architects will not only understand that – they will maximize that in their environment.
They must understand the endpoint – they must understand mobile devices, tablets, laptops and other networked devices. Honestly, it’s an outrageous amount of things to keep track of.
We need to enable better architects – immerse them in the business and the process and then allow them to step back and put the proper system in place to protect it.
The Data Expert
You may remember the Malcolm Gladwell notion of the “mystery versus the puzzle.” A puzzle is a problem or a question with a definitive answer, the solution of which depends on finding all the relevant pieces of information. The mystery is a problem or a question without a definitive answer. As Gladwell said, “Mysteries require judgments and the assessment of uncertainty, and the hard part is not that we have too little information, but that we have too much.” So, while the puzzle may require you to make decisions based on not enough information, the mystery requires you to grapple with too much.
Our technology now has enabled us to log, compile and amass everything – which makes more things a mystery than a puzzle. Today’s data experts need to be hunters with data, not farmers. This role within your organization means someone is focused on recognizing anomalous behavior. It means having someone with an understanding of business processes and who notices when rules are broken. It means having someone capable of understanding cyber espionage campaigns such as “10 days of Rain.” And, because there is no defense that doesn’t get better with data, it means having someone who can help end the consumption problem and codify data.
The quest for data is at an all-time high and at the exact same time the valid privacy concerns are at a feverish pitch as well. We need to make sure that as an industry we work very carefully together so we can share more than we ever have. Your data expert need not possess a PhD, but he will need an appreciation for building better integrations involving identity and business process.
The Security Admin vs. Security Operations Expert
The evolution of the security admin began with configuration and installation. Efficiency followed as it became necessary to do more with fewer consoles, and fewer people.
Operational efficiency came next, focusing on sustained improvement of security. We needed to answer tougher questions, pushing farther and farther for higher levels of excellence.
- How did my endpoint, the last line of defense, manage to block an attack that made it through several other control points undetected? How must those controls be improved?
- Why am I blocking 20,000 websites with bad IPs in a workplace environment? Why are people even going to these?
- Who controls the policy between PC and iPad? Why have strong controls in one place and not the other?
- What about DLP? How about data as it interacts with applications?
- What about the databases? Who has access and controls and admin privileges?
- And what matters most?
I think this role needs to be about infusing the work of our operations into our security work. We need to start to expose the key metrics that register operational excellence.
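The first two questions above (an attack stopped only at the endpoint, and the volume of blocked bad destinations per user) are the kind of thing the data expert described earlier should be hunting for in the logs rather than waiting to be handed. The following is an added illustration, not code from the original post or from any product it alludes to: it runs two such metrics over a handful of constructed, normalised events (the field names, control names and indicator values are assumptions for the example) and reports which upstream controls let through something the endpoint later caught.

```python
from collections import Counter

# Constructed sample events (not real telemetry). Each record is the minimal
# shape a SIEM normalisation step might produce: a timestamp, the control that
# saw the traffic, its verdict, the indicator (IP or domain) and the user.
# Indicators use documentation/reserved ranges and names; they are placeholders.
EVENTS = [
    {"ts": 1, "control": "firewall", "action": "allow", "indicator": "203.0.113.7",   "user": "alice"},
    {"ts": 2, "control": "proxy",    "action": "allow", "indicator": "203.0.113.7",   "user": "alice"},
    {"ts": 3, "control": "ids",      "action": "allow", "indicator": "203.0.113.7",   "user": "alice"},
    {"ts": 4, "control": "endpoint", "action": "block", "indicator": "203.0.113.7",   "user": "alice"},
    {"ts": 5, "control": "proxy",    "action": "block", "indicator": "bad.example",   "user": "bob"},
    {"ts": 6, "control": "proxy",    "action": "block", "indicator": "bad.example",   "user": "bob"},
    {"ts": 7, "control": "proxy",    "action": "block", "indicator": "worse.example", "user": "carol"},
    {"ts": 8, "control": "endpoint", "action": "block", "indicator": "198.51.100.9",  "user": "dave"},
]

# Controls that sit in front of the endpoint (assumed ordering for the example).
UPSTREAM_CONTROLS = ("firewall", "proxy", "ids")


def endpoint_only_catches(events):
    """For every indicator the endpoint blocked, list the upstream controls that
    had already let the same indicator through before the endpoint stopped it.
    An empty list means no upstream control logged the indicator at all, which
    is a visibility gap rather than a policy gap."""
    gaps = {}
    for e in events:
        if e["control"] != "endpoint" or e["action"] != "block":
            continue
        passed = sorted({
            u["control"] for u in events
            if u["indicator"] == e["indicator"]
            and u["control"] in UPSTREAM_CONTROLS
            and u["action"] == "allow"
            and u["ts"] < e["ts"]
        })
        gaps[e["indicator"]] = passed
    return gaps


def controls_to_improve(events):
    """Count how often each upstream control allowed something the endpoint
    later blocked; the highest counts are the controls to tune first."""
    counts = Counter()
    for passed in endpoint_only_catches(events).values():
        counts.update(passed)
    return dict(counts)


def proxy_blocks_by_user(events):
    """Blocked web destinations per user, to answer 'why are people even going
    to these?' with names rather than a single aggregate number."""
    c = Counter(
        e["user"] for e in events
        if e["control"] == "proxy" and e["action"] == "block"
    )
    return dict(c)


if __name__ == "__main__":
    print("Endpoint-only catches:", endpoint_only_catches(EVENTS))
    print("Upstream controls to improve:", controls_to_improve(EVENTS))
    print("Proxy blocks by user:", proxy_blocks_by_user(EVENTS))
```

The point of separating the two metric functions is that they answer different operational questions: `controls_to_improve` ranks where the defense in depth is leaking, while `endpoint_only_catches` also surfaces the indicator nobody upstream saw at all, which is a logging or coverage problem rather than a rule problem.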
You might think it odd that a CTO ponders these ideas, but to my way of thinking, you need the right people as well as the right technology. As an industry leader, my job is to help build the right products, with an appreciation of these roles to guide us. As you build out your teams and programs, I want to get in the head of those tackling the most daunting and complex of issues to make their job easier, so imagining the right team of people in those circumstances isn’t much of a stretch.