Navigating the Gatekeepers of Cybersecurity

Shanief Webb is well-versed in the disciplines of computer science, cybersecurity, and digital forensics. He has over 8 years of diverse cybersecurity experience working for the FBI, Google, Cox Communications, IBM, Slack, Dropbox, and now Okta.

I had the pleasure of hosting Shanief on this week’s episode of Champions of Security. Here’s the full episode and the key takeaways from our conversation.

Key Takeaways

#1: Thoroughly Resolve Security Incidents During Post-Mortems

Shanief shared a story about malware that resurfaced after years to haunt a former employer. In this instance, an infected virtual machine had sat idle for years. The company had diagnosed the issue at one point and shut down the computer, but nobody removed the malware. The unfinished action items caused another incident years down the line. Stories like these reinforce why remediating issues entirely during post-mortems is essential for a strong security posture.

#2: Detection-as-Code Reduces the Cost of False Positives

Visibility is expensive. Investigating false positive events, where there is no actual compromise, adds to the expense. The security industry constantly automates and improves its detection capabilities to combat false positives. Shanief provides an example of using automation to gauge the effectiveness of a phishing attempt. If a user is detected opening a phishing email, but no POST request is sent to the malicious server, then the user is probably not compromised. Chaining together security events can help teams reduce the number of false positives they investigate.
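The chaining described above can be written as a small detection-as-code rule. This is an added example, not code from the episode or from Shanief; the event fields, host names, users and the 24-hour window are constructed assumptions. It also covers the case where a user has no proxy telemetry at all, since a missing POST only means something when the traffic was visible.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names, hosts and users are assumptions.
PHISH_HOSTS = {"login.phish.example"}
EMAIL_OPENS = [
    {"user": "alice", "ts": "2024-01-10T09:00:00"},
    {"user": "bob",   "ts": "2024-01-10T09:05:00"},
    {"user": "carol", "ts": "2024-01-10T09:10:00"},
    {"user": "dave",  "ts": "2024-01-10T09:15:00"},
]
PROXY_LOGS = [
    {"user": "alice", "method": "GET",  "host": "login.phish.example", "ts": "2024-01-10T09:01:00"},
    {"user": "bob",   "method": "GET",  "host": "login.phish.example", "ts": "2024-01-10T09:06:00"},
    {"user": "bob",   "method": "POST", "host": "login.phish.example", "ts": "2024-01-10T09:07:00"},
    {"user": "carol", "method": "POST", "host": "intranet.example",    "ts": "2024-01-10T09:12:00"},
    # dave has no proxy events at all (for example, an off-network device)
]
SEVERITY = {"suppress": 0, "review": 1, "escalate": 2}


def triage(opens, proxy, phish_hosts, window=timedelta(hours=24)):
    """Chain email-open events with proxy logs and return {user: verdict}."""
    verdicts = {}
    for opened in opens:
        start = datetime.fromisoformat(opened["ts"])
        # Proxy events from the same user inside the window after the open.
        in_window = [
            p for p in proxy
            if p["user"] == opened["user"]
            and start <= datetime.fromisoformat(p["ts"]) <= start + window
        ]
        if any(p["method"] == "POST" and p["host"] in phish_hosts for p in in_window):
            verdict = "escalate"  # open followed by a POST to the phishing host
        elif in_window:
            verdict = "suppress"  # traffic visible, no POST: probably not compromised
        else:
            verdict = "review"    # no telemetry, so a missing POST proves nothing
        # Keep the most severe verdict if a user opened more than one message.
        previous = verdicts.get(opened["user"], "suppress")
        verdicts[opened["user"]] = max(previous, verdict, key=SEVERITY.get)
    return verdicts


if __name__ == "__main__":
    for user, verdict in triage(EMAIL_OPENS, PROXY_LOGS, PHISH_HOSTS).items():
        print(f"{user}: {verdict}")
```
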

#3: Practitioners Can Help Others Overcome Security Gatekeepers

You’ve probably heard about the global cybersecurity talent shortage. It has become a catch-22 situation, where would-be practitioners cannot gain the necessary experience to land security jobs due to their lack of experience. Shanief suggests that current practitioners mentor others on overcoming the gatekeeping nature of cybersecurity roles. He also offers several hands-on methods for gaining knowledge while working towards a career in security.

 


 

Interested in talking security with me? Reach out to me on LinkedIn.
