4 minute read

Cybersecurity: it’s a hybrid team sport

STEVE SCHUPP

by Steve Schupp, Executive Director – CyberCX WA Branch

Just as the cloud has blurred the definition of the network perimeter, the invisible line around your cybersecurity team has also likely blurred. Whether you have a small team and are reliant on external providers, or a large team tapping into specialist capability, it is more than likely your cyber team extends far wider than those you employ. In practice, this fuzzy line around your team creates an environment in which you can improve security together.

THE HYBRID TEAM

Gone are the days when someone from the network team who had an interest in hacking could occasionally wear a ‘cyber hat’ and do cybersecurity as a side project. There is now greater awareness that a risk based approach to decision making is a crucial prerequisite for effective security outcomes.

As a result of this maturation in the cyber domain, the need for specialist skills in various areas of cybersecurity has increased. It is no surprise companies engage with external providers for discrete projects and services. This has been happening in IT for decades.

However, I believe there has been a strong trend recently for SMEs to consciously consider the structure of their cyber teams, to actively discuss hybrid capabilities with service providers and to incorporate external providers into their own ‘hybrid’ cyber capability. Cyndi Spits, Project Manager for Perenti Group, says a collaborative team that encourages the business to engage with cybersecurity was an important factor for Perenti, where there is “a relatively flat team structure with collaborative team leaders rather than a traditional top down management structure, and where both internal resources and managed service providers are used.”

Trudy Bastow, Director, Managed Security Service Operations, Federal Government and Protected SOC for CyberCX, says a structure that combines internal and external resources enables different skills and experiences to be brought together to achieved desired outcomes.

Bastow also raised the benefit of risk reduction in the event that, in a tight labour market, employees leave. “When you partner with an external team, that risk reduces as you still have a team who are familiar with the business risks and requirements, who can pick up that gap to provide continuity of skills,” Bastow says.

However, this does not mean it is straightforward to build a hybrid team with internal and external members. Bastow stresses the importance of

investing in relationships. She says understanding who your collaborators are and putting time aside to achieve this is integral to success.

There are many personal and professional benefits to be gained from this investment, such as long term connections you maintain throughout your career, or the opportunity to build on business skills such as team management which enhance your promotion prospects. Spits involvement with cyber security projects has raised her interest to undertake hands-on cybersecurity training through the Australian Women in Security Network and work towards obtaining other technical certifications including CISSP.

THE SPECIALIST SKILLSET

Threat intelligence is one specialisation becoming increasingly common in our industry. Claudia Muller, lead cyber intelligence analyst at CyberCX, believes introducing threat intel allows companies to “understand how their internal and external context influences their cyber risk and informs threat actor behaviour so they can spend their money and effort on the controls that best protect them from their most significant threats.”

Assessing and contextualising all information coming from the firehose of threat intelligence creates a significant workload for in-house teams. In addition, it is difficult for in-house teams to ‘look over the fence’ and see what is happening in other companies or industries.

According to Muller, CyberCX works closely with its security operations analysts, incident responders and pen testers. “Their insights enrich our intelligence, and our intelligence enables them to provide services more tailored to Australia and New Zealand based on threat activity and broader trends,” she says.

Muller also believes communication to be a crucial element in making extended teams perform. She describes two-way communication as “a cornerstone of intelligence analysis.” The professional benefits gained by mastering these skills are valuable for anyone in an extended team role. Muller is confident doing so has made her better at engaging with other teams during the intelligence analysis cycle, which in turn has made her a better analyst.

GREATER SUCCESS

Cyber teams that identify gaps and expand their capability through external providers have a much greater ability to address the security challenges faced by their organisation. Muller agrees, saying, “In my role it is essential to work with our clients as partners and to work together as ‘one team’ to improve security outcomes.”

Spits believes that while IT understand the need for increased cybersecurity, it is the business users that will be impacted by the implementation of cybersecurity solutions on a daily basis, especially in a decentralised workplace, “so we all need to work together to strike the right balance of cybersecurity and usability”.

The concept of improving security together resonated with Muller’s role, allowing the extended team to bridge siloes and improve relationships so security management could be interoperable across the physical, personnel and cyber domains, reflecting how threats operate. Muller also notes the importance of empowering people to understand that no one has a ‘neutral’ impact on security. “Anyone’s actions can uplift or degrade security,” she says.

Cybersecurity has become a hybrid team sport where extended teams with shared objectives whose members develop strong relationships and communication skills will be the winners, and ultimately will improve security together.

www.linkedin.com/in/steve-schupp-605457

This article is from: