The skills to propel your team’s cyber security defense
By Andrew Loschmann, Chief Operating Officer, Field Effect
Advancing your cyber security capabilities as you scale is an obvious need. But if you’re resourced like many infosec departments, either very lean or running solo, it’s always easier said than done. And as the pandemic throws more on your plate — there are often big expectations to meet, yet skilled talent and budget may be lacking.
If you’re feeling like you’re wearing multiple hats, rushing from one emergency to the next, or lacking the skills you need to move your department forward, you’re not alone. Last year tested even the most experienced professionals. IT and security teams were presented new situations that took instant priority — enabling remote workforces, securing cloud and video apps, setting permissions and policies, resolving user missteps, remediating COVID-19 threats, and more.
When your “to do” list changes instantly, it’s tough to get back to implementing your security strategy. This is even more challenging without the right resources — yet, the fundamentals haven’t changed. A scalable security plan requires technology that provides situational awareness as well as capabilities for effective remediation and tools to continually improve your security posture.
But technology is just half the battle. It’s also the people on your team, whether in-house or outsourced, who help to create a strong threat defense.
The cyber security skills you need in your arsenal
IT environments are more complex and varied than ever before — and this requires as much visibility as possible across your network, systems, applications, and devices. To gain these insights, you not only need advanced, continuously improving technology, but human intelligence as well.
In fact, at the rate the cyber security industry evolves, you need security experts constantly ahead of the curve, educating themselves, and making sure they’re staying on top of the latest threats and the sophisticated offensive techniques that pose a risk to your operations.
To put this into perspective, here are just a few cyber security roles needed for threat monitoring and detection:
- Cyber Defense Analyst: Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within IT environments with the goal of mitigating threats.
- Cyber Threat Analyst: Develops cyber indicators to maintain awareness of the status of highly dynamic operating environments. Collects, processes, analyzes, and disseminates cyber threat and warning assessments.
- Vulnerability Assessment Analyst: Performs assessments of systems and networks within the network environment, identifying where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
- Cyber Defense Forensics Analyst: Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system and network vulnerability mitigation.
While this is just a snapshot, each role requires extensive experience in cyber security and a combination of hard and soft skills: from software engineering and programming, computer and network forensics, network infrastructure management, and threat analysis to critical thinking, problem-solving, fast and strategic reaction, attention to detail, and the desire to learn. It’s a long list, driven by the complexity of cyber security.
If you need more convincing of the human intelligence required to defend IT infrastructures, applications, devices, and users, look back at December 2020’s massive SolarWinds supply chain attack, or the Exchange vulnerabilities patched by Microsoft in March.
In the case of SolarWinds, threat actors introduced a backdoor to Orion customers by modifying binaries supplied by SolarWinds in a supply chain attack that impacted more than 33,000 global customers. Following the installation of this backdoor, the attackers were able to gain access to networks of interest and leverage additional capabilities, such as compromising code signing certificates and forging authentication tokens — notoriously difficult to detect by even the most skilled security practitioners. The attack went undetected for months, enabling the threat actors to collect valuable intelligence from private companies, as well as U.S. agencies that included the Department of Homeland Security and the Treasury Department.
In the Microsoft Exchange incident, attackers actively exploited four zero-day vulnerabilities in Exchange Server. This left IT teams scrambling to patch systems and required incident response experts to develop tools and techniques to assess the impact and verify integrity following the compromise. During the event, security teams had to stay on top of the advice and guidance continuously updated from Microsoft and government agencies, while racing against malicious actors who were working to weaponize the exploits for ransomware.
These are both examples of security events that required deep expertise in cyber security forensics and incident response in order to act quickly and accurately to assess the impact to businesses.
The reality is that your immediate or outsourced team should have the cyber security training and expertise to understand attack techniques, threat behavior, the scope and severity of each new threat as it arises, the potential impact to your organization, and how to react quickly and effectively to mitigate active threats or risks. Teams should also bring the skills to evaluate and manage the technologies powering an organization’s threat defense, whether that is hands-on engineering and software development or hiring outsourced experts who add this value.
The cyber skills gap
Every aspect of an effective cyber defense requires multiple and distinct roles, yet few small and mid-size businesses have the budget or cyber security knowledge and skills to build, manage, and invest in a team of in-house cyber security experts.
And that often results in job requisitions for security analysts or infosec professionals that don’t fully capture all the responsibilities of the function. Or worse, a long list of IT and security requirements for just one position.
Talent to fill cyber security roles is also tough to find. As an industry, we’re still facing a monumental skills gap — with research projecting that this year, there may be as many as 3.5 million unfilled cyber security jobs globally.
For just a few in-demand roles, the salaries and benefits alone could translate to multiple six-figure positions. More critically, it may be hard to source the skills for even one of them.
Rethink your security defense
When applying the right skills and technologies for a strong cyber defense, it’s key to look for innovative solution providers that already have cyber expertise under their belt, or that have hired experienced cyber professionals and keep continual training in place, and for service providers with security knowledge that are working with those market innovators.
So if your cyber security strategy isn’t giving you time back and improving your security, or you’ve outsourced your threat defense and are still overwhelmed with your ‘to do’ list, it’s time to rethink your cyber security defense.
About the Author
Andrew Loschmann, Chief Operating Officer, Field Effect Software, Inc. Andrew Loschmann led five years of research and development efforts to bring Field Effect’s sophisticated suite of Covalence threat monitoring and detection and Cyber Range simulation and training platforms, as well as other services, to the global market. Andrew brings a 20-year background building and managing IT security products and programs, including 13 years in government/defense, as well as security policy development within the Government of Canada’s Privy Council Office and contributions to Canada’s Cyber Security Strategy. His technical background includes development of software and systems, and cyber security analytics, as well as leading incident detection and response teams.
Andrew can be reached online at (EMAIL, TWITTER, etc.) and at our company website, https://fieldeffect.com/