IT professionals need skills mix to address emerging network and data security demands

September 22, 2016

Featured article by Tom Gilheany, product manager, CISSP, Cisco Systems

Once upon a time in IT, it was enough to build a strong high wall around the enterprise garden. Build it sturdy enough, and the organization’s network and information would be safe.

These days, the wall alone will not work. The modern approach goes far beyond simple architecture and perimeter controls. It mandates an additional focus on security operations, which includes making all employees, regardless of job title, part of the security effort. Cybercriminals are no longer just clawing at the front door. They are undermining bricks, tunneling under walls and launching Trojan horses. Then there are potential insider threats. The worst of these, because they cannot be predicted or averted, are unintentional and arise out of error, ignorance or just plain carelessness.

New security threats, however, do not require a total revamp of security technology. Instead, organizations need a mix of old and new technology plus IT professionals with the right sets of skills to monitor threats actively and continuously. Safeguarding organizations today involves a multipronged approach that uses “guards” to monitor, detect and respond to threats across the entire network as they occur, and takes advantage of evolving technologies, such as the Internet of Things, Big Data and analytics.

People: The first line of defense

To properly secure today’s organization, security teams must be plugged into people just as much as they are into the network. These teams must be an active part of the business because when they are, they are more easily able to attain the human intelligence that reduces risk and adds context into whether something is appropriate or suspicious.

The security team needs to earn the trust and partnership of the business units so they can work together to secure the organization. If not, the security team can become isolated and perceived as a hall monitor, appearing only to point out colleagues’ mistakes. This situation prevents business units from reaching out to the security team with information, and it dampens the “if you see something, say something” approach that is holistic to security.

Ultimately, the security team must communicate with everyone because security truly is everyone’s job. This means IT professionals more than ever need so-called soft skills that can make the difference between success and failure at communicating security concepts and practices to the business units. Such skills include the ability to:

– Think of colleagues within the organization as customers and provide the highest level of customer service to them.

– Understand and use active listening skills, especially with customers.

– Articulate complex concepts clearly, both in writing and verbally.

– Communicate effectively with management and customers.

– Work together as a team alongside business managers and IT staff to tackle complex security issues.

As an example of the operational shift from information security as an isolated department to cybersecurity as integral to everyone’s job, compare two types of security guards. The first, the smart guard, is a longstanding employee of the company. The second is a temp guard. The smart guard knows the owner, knows how the building’s configuration has changed over the years, and knows the delivery people and employees’ identities. The smart guard knows instantly when something is amiss.

Smart guards also need hardened walls

Even more important, the smart guard is known and trusted by those who work at the office. When employees see things that don’t look right (“That car tailgated me into the parking lot, and the driver didn’t use an access card”), they share that information with the smart guard, who uses it to perform a knowledgeable check.

By contrast, the temp guard is more likely to be unfamiliar with the property and to perform only cursory checks based on a building diagram that may be out of date, and most likely lacks the relationships with the staff and the familiarity with the property needed to notice when something is out of place.

Along with smart guards, analytics and Big Data capabilities are a major part of today’s cyber defense. Using the entire network as a sensor allows information security personnel to spot the needles in the haystack and home in on malicious activity that must be shut down. This is vastly different from sifting through alarms by hand. The ability to pull actionable data from the network is critical to cybersecurity today.

The pervasive level of network visibility available with today’s technology is critical in protecting against threats and is a core element in today’s cybersecurity arsenal. A tuned analytics engine reveals just the security data an organization is looking for, and it permits admins to use a triaged approach to gain actionable intelligence, sorted in order of criticality.

Implementing this shift in defense tactics requires new skill sets in IT professionals. The industry is looking for workers who take a holistic view and are capable of monitoring and analyzing threat intelligence from across the network. As a result, security teams today must focus on more than the infrastructure or individual systems alone. To capitalize on technology that enables network visibility, security staff must have knowledge of what normal network activity looks like, and they must be able to spot anything that deviates from it. The ability to separate out normal behavior from abnormal gives security teams the advantage of designing defense systems that know what to beware of. The era of the static IT guy who enters various rules into a set-it-and-forget-it system is over.

The multidiscipline approach of the future

Hardened security will always be necessary for organizations to protect their infrastructure. With the advent of technologies such as cloud, IoT, automation, and network programmability, however, it is absolutely critical that security be embedded in the fabric and information flow of an organization. Security staffs today require engineers with the skills and awareness to design, deploy, and manage an operations approach to security.

By combining fortified walls with smart guards who have the right IT skills and awareness throughout the infrastructure, organizations can implement a multidiscipline approach that protects their most sensitive data.


Tom Gilheany, Product Manager, Learning@Cisco

Tom Gilheany is Cisco’s Product Manager for Security Training and Certifications. He has a diverse background in startups through multinational Fortune 100 companies. Combining over 20 years of product management and technical marketing positions, and over a dozen years in IT and Operations, he has conducted nearly 50 product launches in emerging technologies, cybersecurity, and telecommunications. Tom holds a CISSP, an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.
