The People of InfoSec on the People of InfoSec

In collaboration with Dan Raywood, we’ve been catching up with the people of InfoSec to find out what makes them tick. This is the first blog in our #CyberHumans series.

Throughout my time covering cybersecurity for numerous publications, one thing has always stood out: the people who do the job, and those that are still needed.

Humans have always been the crucial piece of the puzzle. Despite advances in technology, I have never failed to be struck by the creativity, ingenuity and integrity on display from the people of InfoSec.

To understand the collective mindset of this community, I asked the opinions of some interesting people in the sector, which can be found in this new eBook ‘Cyber Humans: The People of InfoSec on the People of InfoSec’.

It’s not an in-depth technical whitepaper or threat research report. In fact, the only data in it are people’s opinions. Rather, it’s a snapshot of what’s going on with the people behind the screens.

We hope it’s the kind of thing you might browse for five minutes when you need a break from log files and controls frameworks, or you have been stuck in a home office all day and need a bit of mental fresh air. We tried to represent a cross-section of roles, from the SOC Analyst to CISO, to understand their views on skills, human traits and behaviours. In fact, some of the most insightful opinions came from those on the frontlines. 

Tracy Z. Maleeff, for example, Information Security Analyst at The New York Times Company, told us that more diversity and inclusion is needed, as “diversity of thought solves problems”. She said, “In order to do InfoSec jobs better, we need better managers and better companies who are truly committed to making InfoSec more diverse and inclusive for all our benefit”.

Daniel Cuthbert, Head of the Review Board for Black Hat, said the main thing needed is “situational awareness of other people’s role, as security people can be narrow minded and don’t understand how other roles work”.

He recommended stepping into another person’s shoes for a day, while Joe Hancock, partner and Head of Cyber at MDR Cyber, said the best people are able to understand the gap between the business and cybersecurity, and are able to take a step back and see the bigger picture.

The idea of being curious was raised by Taharka Beamon, SOC manager at Reed Exhibitions, who said being inquisitive and analytical were “character traits that make good cybersecurity people” as it helps them learn about new systems, software, cyber attacks and more.

“Being analytical will help break down complex problems logically to find the root cause or determine the remediation action required,” Cuthbert agreed, saying a level of curiosity “and not accepting face value and the general consensus” is important.

Empathy and patience are also primary skills, according to Maleeff, as “people are at the core of security, whether it be end users or other professionals”. Being approachable, understanding, and having a willingness to listen are traits that can be key to resolving issues. 

And what about skills going forward? Our contributors recommended:

  • An understanding of ARM and modern architecture
  • An understanding of industry terms
  • More “hard” and operational skills
  • A better recognition of personal privacy
  • Cloud security

But I don’t want to give everything away. For more insights from CISOs, researchers, thought leaders and front-line teams, download the eBook here – and don’t forget to let us know what you think.

TOPICS
Cyber Humans
PUBLISHED

4 March 2021

Dan Raywood
Information security journalist, moderator, speaker
@DanRaywood

Meet the Cyber Humans here

We help businesses to increase and evidence human capability in every part of cybersecurity.