Cybersecurity
March 4, 2021

The People of InfoSec on the People of InfoSec

Cybersecurity Leaders
a woman and a child are sitting at a tablelong exposure image of man walking by blue panels

Throughout my time covering cybersecurity for numerous publications, one thing has always stood out: the people who do the job, and those that are still needed.

Humans have always been the crucial piece of the puzzle. Despite advances in technology, I have never failed to be struck by the creativity, ingenuity and integrity on display from the people of InfoSec.

To understand the collective mindset of this community, I asked the opinions of some interesting people in the sector, which can be found in this new eBook ‘Cyber Humans: The People of InfoSec on the People of InfoSec’.

It’s not an in-depth technical whitepaper or threat research report. In fact, the only data in it are people’s opinions. Rather, it’s a snapshot of what’s going on with the people behind the screens.

We hope it’s the kind of thing you might browse for five minutes when you need a break from log files and controls frameworks, or you have been stuck in a home office all day and need a bit of mental fresh air. We tried to represent a cross-section of roles, from the SOC Analyst to CISO, to understand their views on skills, human traits and behaviours. In fact, some of the most insightful opinions came from those on the frontlines.

Tracy Z. Maleeff, for example, Information Security Analyst at The New York Times Company, told us that more diversity and inclusion is needed, as “diversity of thought solves problems”. She said, “In order to do InfoSec jobs better, we need better managers and better companies who are truly committed to making InfoSec more diverse and inclusive for all our benefit”.

Daniel Cuthbert, Head of the Review Board for Black Hat, said the main thing needed is “situational awareness of other people’s role, as security people can be narrow minded and don’t understand how other roles work”.

He recommended stepping into another person’s shoes for a day, while Joe Hancock, partner and Head of Cyber at MDR Cyber, said the best people are able to understand the gap between the business and cybersecurity, and are able to take a step back and see the bigger picture.

The idea of being curious was raised by Taharka Beamon, SOC manager at Reed Exhibitions, who said being inquisitive and analytical were “character traits that make good cybersecurity people” as it helps them learn about new systems, software, cyber attacks and more.

“Being analytical will help break down complex problems logically to find the root cause or determine the remediation action required,” Cuthbert agreed, saying a level of curiosity “and not accepting face value and the general consensus” is important.

Empathy and patience are also primary skills, according to Maleeff, as “people are at the core of security, whether it be end users or other professionals”. Being approachable, understanding, and having a willingness to listen are traits that can be key to resolving issues.

And what about skills going forward? Our contributors recommended:

  • An understanding of ARM and modern architecture
  • An understanding of industry terms
  • More “hard” and operational skills
  • A better recognition of personal privacy
  • Cloud security

But I don’t want to give everything away. For more insights from CISOs, researchers, thought leaders and front-line teams, download the eBook here – and don’t forget to let us know what you think.

Dan Raywood
Information security journalist, moderator, speaker
@DanRaywood

 

Trusted by top companies worldwide
to enhance cybersecurity

What Our Customers
Are Saying About Immersive

Realistic simulation of current threats is the only way to test and improve response readiness, and to ensure that the impact of a real attack is minimized. Immersive’s innovative platform, combined with Kroll’s extensive experience, provides the closest thing to replication of a real incident — all within a safe virtual environment.

Paul Jackson
Regional Managing Director, APAC Cyber Risk, Kroll

The speed at which Immersive produces technical content is hugely impressive, and this turnaround has helped get our teams ahead of the curve, giving them hands-on experience with serious vulnerabilities, in a secure environment, as soon as they emerge.

TJ Campana
Head of Global Cybersecurity Operations, HSBC

We no longer worry about managing infrastructure, leaving us free to build great courses.

Daniel Duggan
Director, Zero-Point Security

Ready to Get Started?
Get a Live Demo.

Simply complete the form to schedule time with an expert that works best for your calendar.