Jane Frankland


Jane Frankla Words of Wis

Cybersecurity Influenc Advisor, Speaker, Auth

Articles & Blogs

Cyber Professional Barbie: The Importance of Embracing Diversity in Cybersecurity

Choosing an MDR Provider: Boutique or Big Brand (Part 1)

Financial stress can actually lower your IQ?

Growing up, most women had a Barbie in their lives at some point. Whether you found her artfully arranged on the toy shelf or covered in ‘dirt’ and tucked away, Barbie has played a significant role in shaping many people’s perceptions and aspirations. In this blog, I’ll be delving into how Barbie continues to influence people, particularly women. I’ll also be examining the latest Barbie movie’s contribution to the cybersecurity conversation, with a specific focus on the importance of equity, inclusion, and diversity in cybersecurity.

This blog complements a talk I did with BeyondTrust, entitled ‘Women in Security – Embracing Diversity in Cybersecurity: The Power of the New Barbie Film.’ In that keynote, I explored the new film’s significance in promoting diversity in cybersecurity and addressing the impacts of underrepresentation. I shared 10 important lessons with our community, which you can access here.

Barbie’s presence in cybersecurity

Since her innovative and revolutionary launch in the 1950s, Barbie has been both celebrated and criticized for what she represents. She’s been viewed as a product of consumer-capitalist society, perpetuating unrealistic beauty standards and reinforcing gender stereotypes. However, Barbie has also been hailed as a symbol of empowerment, challenging societal norms and encouraging girls to dream big and be anything they want to be, much like what’s possible for today’s cyber professionals.

When it comes to Barbie’s presence, she’s played many roles in the workplace – from doctor, lawyer, surgeon, and pilot to construction worker, astronaut, and even a president – but to date, there’s never been a hacker Barbie! Despite this, the latest Barbie movie offers an intriguing perspective on the role of diversity, equity, and inclusion within the workplace, which will particularly benefit women in the industry.

Directed by Greta Gerwig and with headline stars, such as Margot Robbie as Barbie and Ryan Gosling as Ken, the movie explores many themes, including empowerment and resilience, personal growth, relationships and connections, representation, and diversity. However, the standout messages for me are those which tackle belonging, identity, and power.

Why diversity “belongs” in cybersecurity

In recent years, the cybersecurity industry has recognized the need for greater diversity and inclusivity. Research has shown that diverse teams bring unique perspectives, innovative ideas, better problem-solving abilities, and higher profits. Yet, the representation of women and underrepresented groups in cybersecurity remains low. This is where Barbie’s latest movie steps in to spark a conversation.

By featuring diverse characters from a range of backgrounds, and highlighting their contributions to solving Barbie’s main problem, the Barbie movie sends a powerful message about the importance of inclusivity and belonging in the world. It showcases that anyone, regardless of their gender, ethnicity, race, sexual orientation, or background, can make a meaningful impact in the world. And when we apply this to our community in cybersecurity, it means protecting our digital world.

As viewers watch characters like Barbie navigate complex challenges and collaborate with diverse teammates, it becomes evident that she possesses the power to shape perceptions and inspire change. The message conveyed is not just one of empowerment for women in cybersecurity; it also extends to anyone interested in pursuing a career in this field. The representation of diversity allows them to envision themselves playing a vital role in safeguarding cyberspace. With Barbie as a symbol of inclusivity and belonging, the movie encourages individuals from all backgrounds to recognize their potential and participate in building a secure digital world.

The movie prompts us to consider how diversity strengthens cybersecurity. It emphasizes the need for diverse perspectives in combating evolving threats. Without a diverse team’s input, hackers can continue to exploit vulnerabilities and vulnerable groups that are often overlooked.

Barbie encourages us to see things from another person’s perspective. This fosters empathy and understanding, qualities that are crucial in the field of cybersecurity. By understanding the experiences and challenges faced by different individuals and communities, the movie helps us consider and evaluate more comprehensive strategies to ensure women feel included in cybersecurity. With greater inclusivity, diverse cybersecurity teams can together reduce cyber risks.

Examining—and challenging—power dynamics in cybersecurity

In the movie, power is portrayed in various ways, with a focus on exploring gender dynamics and hierarchies. The movie presents a fictional world, called Barbieland, where traditional gender roles are challenged, and power dynamics are examined.

The movie showcases an unequal power balance, with Barbie holding most positions of power in Barbieland. This portrayal challenges traditional gender norms, highlighting the concept of power hierarchy and its impact on women’s representation and opportunities. Additionally, the movie, entertainingly, addresses the idea of power being associated with femininity. By examining power dynamics through a feminist lens, the movie invites discussions about gender equality and representation.

For women in cybersecurity, that’s a good thing. Just as the Barbie movie challenges gender norms and seeks to empower women, it also prompts us to consider the importance of inclusivity and equal opportunities in cybersecurity. By bringing diverse perspectives and talents to the table, including those of women, we can strengthen the field and improve our ability to combat evolving threats.

In cybersecurity, women have historically been underrepresented, facing barriers and biases that have limited their participation and contribution. The movie’s exploration of power dynamics and gender equality encourages us to address these disparities. By embracing diversity, promoting equal opportunities, and providing support and mentorship, we can foster a more inclusive and effective cybersecurity community.

Exploring the authentic cybersecurity identity

In the new Barbie movie, identity is subtly explored as a milestone in the quest for authenticity. The film aligns with the current zeitgeist, emphasizing the need for more authentic representations of women’s experiences and exploring diverse career options beyond traditional gender roles. The portrayal of identity in the movie encourages young girls and women of all ages to explore different aspirations and challenge societal norms.

The movie’s exploration of identity highlights the importance of embracing individuality and diverse perspectives in the field. Just as Barbie encourages young girls to break free from stereotypes, women in cybersecurity can challenge preconceived notions and contribute their unique skills and experiences to make a difference. By embracing their authentic selves, women can bring fresh insights and approaches to addressing cybersecurity challenges.

Choosing an MDR Provider: Boutique or Big Brand (Part 1)

In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. However, not all organisations have had the means to invest in and manage the staffing and infrastructure required for a Security Operations Centre (SOC).

This is where Managed Detection & Response (MDR) providers come in. MDR providers offer an all-in-one solution for organizations that combines people, processes, and technologies to strengthen security measures and reduce risk exposure. They include monitoring for potential threats and incidents, responding to confirmed breaches, and providing support for incident investigation processes. Many will also use advanced technologies such as artificial intelligence, machine learning, and data analytics to improve detection accuracy and speed up response times.

In this blog, I’m going to explore the pros and cons of using an MDR provider and whether it’s better to choose a boutique provider over a traditional big brand. I’ll be discussing the market, terminology, and three core features I believe you should consider. I’ll also be considering the benefits that they can offer, as well as the potential drawbacks. I’ll be doing this in three parts, as there’s a fair bit to get through.

So, whether you’re an enterprise or a small to medium-sized business considering an MDR solution, keep reading because by the end of this three-part blog series, you’ll have a better understanding of which option will best suit your needs.

Terminology

MDR providers have grown immensely since Gartner first coined the term in 2017. Since then, providers have been attempting to reduce the term, using different names and acronyms to set themselves apart. Examples include Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Threat Detection and Response (TDR), and SOC-as-a-Service (SOCaaS). Whilst some can be related, here’s, very briefly and simplistically, how they differ from each other.

EDR provides endpoint-focused threat identification, remediation and threat hunting support.

MDR is EDR as a fully managed 24×7 service.

XDR is a threat-centric network traffic analysis (NTA) service.

TDR proactively identifies and mitigates security breaches by monitoring network activities, endpoints, and cloud environments. TDR detects known threats and identifies anomalous patterns indicative of emerging risks. This proactive approach enables swift response measures, minimizing the impact of potential breaches. TDR services provide real-time insights, correlating data from diverse sources to offer a view of the security stance. TDR uses automation to enhance the efficiency of incident response teams, ensuring a rapid and effective defense against cyber threats.

SOCaaS refers to outsourcing the entire security operations center function to a third-party provider, including people, processes, and technology for monitoring and responding to security events. While SOCaaS is an outsourced service offering and can encompass managed threat detection and response as part of its offerings, it also includes other security operations functions such as log management, incident response, vulnerability assessment, and more.

The Market

SOCaaS is a growth market and is predicted to grow from $6.7 billion in 2023 to $11.4 billion by 2028, with a CAGR of 11.2%. As MDR is one of the top three most popular cyber security operations to outsource, it’s largely become popular amongst enterprise and mid-size organizations. Unsurprisingly there’s a wide range of providers in the market, and the easiest way to illustrate this is with a diagram, see below.

As a result, many buyers find it hard to ascertain which MDR provider is right for them, and whether a boutique provider is a better fit than a big brand. So, let’s examine this and the first feature, technology.

Core Feature #1: Technology

It takes considerable resources and experience to be able to provide a comprehensive MDR service and one of the best ways to compare providers is by examining the ways in which they operate their technologies, so let’s look at threat detection.

Threat Detection

When a threat actor penetrates your company, or there’s been a compliance failure, you need to know ASAP. In order to lessen the time and impact of an attack or breach, an MDR provider will reduce false positives, and quickly identify true threats, Indicators of Attack (IoA) and Indicators of Compromise (IoC) hidden within their client’s endpoint, network, and cloud system telemetry. They use network segmentation and “shift left” strategies in the attack chain to isolate attacks or disrupt threat actors before they have a chance to launch their threat campaign. As such, it is essential to review the methods and techniques an MDR provider uses for threat detection, including threat hunting, intelligence, and research.

For threat intelligence and research to be effective, it must be broad, deep, and incorporate client specific information. A variety of Open-Source Intelligence (OSINT), and proprietary sources should be included to identify not only the IoA, and IoC, but also the Tactics, Techniques and Procedures (TTPs) used by attackers. If a company were to invest in building this capability internally, the cost would be enormous. Accessing dark web forums, live incident response feeds, forensic analysis, and insights into cybercriminal and nation-state level activity requires significant resources and expertise. Fortunately, outsourcing these capabilities to an MDR provider significantly reduces the overhead and cost of accessing such tooling, making it a more practical and cost-effective solution for organizations.

Many big brands state they offer threat hunting capabilities, but their approach typically involves a limited set of telemetry, reactively investigating automated alerts, and relying on default detection rulesets included by their preferred EDR and Security Information Event Management (SIEM) vendor.

Boutique providers are more proactive than big brands as they know they have to work harder to attract and retain their clients. With teams recruited for their attacker mindset, they won’t be solely reliant on automated searches for IoC, and the default detection rulesets set by product vendors. Rather, they’ll be researching, gathering threat intelligence, deconstructing zero-day malware, and using the Cyber Kill Chain and MITRE ATT&CK frameworks to update and fine-tune rulesets based on changes to the threat landscape. Additionally, they’ll be tailoring dark web monitoring to their client’s specific monitoring, for example, searching for company mentions that may include data from a breach, or industry specific breach reports.

They’ll be using human-led, hypothesis-driven investigations that incorporate current and historical data from their clients’ logs.

A boutique provider will also run simulations at periodic intervals, such as launching a ransomware attack (non-malicious) or simulating a Business Email Compromise (BEC) attack to demonstrate their capability to respond. Their clients are also allowed to run the same simulations to verify that they can detect and respond. You’ll find them responding all day, every day, providing high-touch engagement, detecting threats across endpoints, networks, and clouds, and executing effective incident response.

Incident Response

Incident response times and service level agreements vary greatly between boutique providers and big brands, with some simply offering alerts, reporting, and advice on what to do when an incident happens.

A recent report by e2e-assure, a managed TDR provider, found that buyers of cyber defense services such as SaaS want to pass more responsibility to their providers so they can gain faster decision-making (70%) and response times (68%), improve cost efficiencies (67%), and reduce the reliance on their team (63%).

To get the most out of an MDR provider, your priority should be containment, malware removal, remediation, and root cause analysis – to stop threats in their tracks – followed by alerts and reporting metrics.

MDR providers shouldn’t be waiting until a breach is discovered before calling in incident response experts. Acting before an intrusion has occurred is best practice as it limits damage and helps you identify any related malicious activity in other networks and systems. It’s why MDR providers work with incident response (IR) teams to streamline threat investigations, remediation, and recovery processes. And why it’s essential for you to confirm whether your prospective MDR provider’s IR team is in-house.

Boutique providers and big brands can outsource their IR support to third parties, especially if they’ve just begun to offer the service or as a way to lower overheads. Watch out for this as it can cause delays in response and remediation times – a stress few ITDMs and security managers care to accept.

Technical Support

Technical support is an important factor to consider when selecting an MDR provider. Boutique providers typically support an organization’s existing technologies so they can offer more personalized technical support services, which can be beneficial for organizations that need more guidance as they set up their systems and troubleshoot any issues. These firms may provide one-on-one consultations with technical / SOC engineers as part of the service level agreement.

In contrast, big brand providers tend to have more standardized technical support processes which provide clients with the same level of service regardless of their individual needs. They are often designed to fit around traditional managed security services – “ticketed” systems with a shared security model that requires clients to manage and investigate the resulting alerts. However, they often offer FAQs, tutorials and automated systems for user onboarding and troubleshooting which can be helpful for clients who don’t need a lot of handholding.

Innovation and Agility

The ability to innovate and stay agile is an important factor when selecting an MDR provider for your organization. As threats change, detection mechanisms should too, so you need to ask MDR providers about product roadmaps. A lot of providers present well, but when it comes to delivery they fall behind, leaving clients frustrated, especially when they find out they’re tied into “sticky” contracts.

Boutique providers tend to have smaller teams, vertical expertise, and better understanding of their client’s needs. As their business is only MDR and they don’t have the reputation of a big brand to fall back on, they also tend to be more attentive to changing client needs and industry trends. This means they can often develop or implement innovative solutions faster than big brands, providing their clients with the speed and agility to adapt their services as needed.

In contrast, big brands typically have more resources, and some can invest in longer-term research projects which may be beneficial for organizations that need advanced solutions. They also tend to have more established processes and procedures in place which can make them slower to respond to changes but faster to scale as their client demands increase. Many can also offer additional free resources such as security assessments, data insights, analytics and communities that help clients stay ahead of industry trends.

Technology Agnostic

Leading MDR providers, typically boutique firms, are technology agnostic, utilizing both their own tools and the native capabilities of different security tools to analyze data from all parts of an organization. This enables them to integrate with a variety of product vendors and offer a more customized multi-disciplinary approach to MDR which is highly agile, scalable, efficient, and effective. In contrast, big brands, aside from some of the largest tax, audit and risk giants (Big 5), tend to have more standardized technology solutions which are designed to provide clients with the same level of service regardless of their individual needs. These firms often offer a limited range of pre-integrated vendors but numerous APIs, which is helpful if your organization doesn’t need much customization. Some will pin a vendor’s flag to their mast though, which means you’ll need to buy additional licensing for the MDR service to work. This may be wrapped up in the contract, and if it is, check it thoroughly as it can cause problems when it comes to switching providers or termination, as I’ll describe shortly.

Now I want to hear from you…

If you’ve already invested in an MDR solution, I’d love your insights. Please tell me: are there any specific technology-related questions you wish you’d asked your provider before making the purchase?

Financial stress can actually lower your IQ?

Generali U.K. discovered that financial stress can cost you **13 IQ points**! This shift can move someone from average intelligence to a category called “borderline deficient.”

Flip it around, and reducing financial stress could boost someone of average intelligence into the “superior intelligence” range.

Why is this so important? When people are stressed about money, they:

- Make poorer decisions.

- Are less productive at work.

- Struggle to control their emotions and impulses.

In fact, the impact of financial stress is worse than losing a night's sleep. Anyone who's had a sleepless night knows how disabling it can be. Now, imagine dealing with that kind of cognitive impairment every single day.

A study from Princeton University found a similar result among Indian sugarcane farmers. These farmers scored 13 points lower on IQ tests before their annual harvest payment. The financial strain of making their annual salary last reduced their cognitive function. However, after receiving their lump sum payment, they could think long-term and make better decisions.

So, how does this relate to us in cyber?

Well for cyber leaders, these findings highlight the importance of understanding the psychological and cognitive factors that influence human behavior, especially in our industry.

Financial stress can affect anyone but is particularly relevant for:

- Career pivoters and entry-level professionals taking pay cuts to pursue new paths.

- Women experiencing wage gaps.

**For Cybersecurity Leaders:**

As leaders, it's crucial to recognize how financial stress can impact your team's performance and decision-making abilities.

1. **Fair Compensation**: Ensure that your team members are compensated fairly for their work, taking into account market rates and living costs.

2. **Supportive Policies**: Implement policies that support financial well-being, such as salary advances, financial planning assistance, and emergency funds.

3. **Open Communication**: Foster an environment where team members feel comfortable discussing financial concerns without fear of stigma or repercussions.

4. **Holistic Development**: Encourage and provide resources for continuous learning and development, helping team members build skills that enhance their career and financial stability.

By recognising and addressing the financial stress within your teams, you can improve their cognitive performance, decision-making capabilities, and overall productivity.

A financially healthy team is not only happier but also more innovative and effective in tackling cybersecurity challenges.

Let's create an environment where financial stress doesn't hold us back but rather allows us to thrive and innovate.

Please share, tag and let me know your thoughts on this.
