What distinguishes a defender from a pretender? What is it that drives a select group of cybersecurity professionals to consistently go the extra mile and perform at levels that their peers don’t?
After nearly three decades in cybersecurity, I believe I can spot a true defender. I even know what makes them tick.
Individuals truly dedicated to defending and protecting their customers with passion possess a unique set of characteristics. Great defenders are:
- Relentlessly critical thinkers
- Curious with a purpose
- Steeped in fortitude
- Creative solvers
- Willing to suffer
Defense fascinates me
As a kid, like most boys in the Midwest, I’d play Army with my brothers and the neighborhood kids. As we’d defend our position, I always wanted to be the last ‘man’ standing between the attacking army (usually a burly, snot-nosed kid I’ll call David) and the objective or HQ (usually a huge black walnut tree in our backyard). Whether due to a burgeoning hero complex or a penchant for dodging fake bullets, I always wanted to be the last line of defense between an attacker and the innocent no matter what. There wasn’t a strategy or tactic I wouldn’t utilize to defend and protect my HQ! Even if that meant David went home with a tear in his eye.
During my tenure as a professional security instructor, I trained literally thousands of people in cybersecurity technologies and best practices. To be a certified instructor requires the highest level of certification. Consequently, you might think that security types focused on certification attainment would be the best practitioners based on their ability to pass exams and demonstrate competency. Right? Not necessarily. More often than not, the highest caliber cybersecurity defenders weren’t certification jockeys at all. REAL defenders displayed a unique aptitude and skill set. Without being overly dramatic, they simply seemed to care more about active defense than their peers.
What makes a defender
Good defenders know how to maintain their readiness. There are common attributes, aptitudes, and personal disciplines reliable defenders possess. I’ll use the acronym LIFT to illustrate what the best defenders do every day without ceasing.
The threat landscape shifts and evolves continuously. If you’re not constantly learning about your enemy and his movements, you’ll lose the battle and maybe the war. Competence in cybersecurity is key. Again, it is not just the attainment of competency but its application that is most important. I’ve dabbled with scripts and hacked a smidge in my day, but in the end I always wanted my skills to be equal to any attacker who came my way. I knew that attaining degrees, certifications, experience, and professional mentors were all mandatory in my quest to become a defender. It was imperative that I “out learn” my adversaries.
Always be ready to change your approach, your tool kit, your paradigms. Don’t interpret this to mean that new things are always best. Things that work are always best. Don’t maintain the status quo and let your guard down assuming that the competencies or knowledge you gained 15 years ago are applicable to today’s threats. Artificial intelligence and machine learning are fantastic tools until they are aimed at the organization you are defending. Defenders must continuously innovate, improvise, and adapt.
Your focus must shift as traditional paradigms devolve, morph, and are redefined. I became an expert in firewall technologies early in my career because the threat landscape demanded it. Later as new computing platforms were developed, and as IoT and shadow IT became a reality, I refocused my energy on new and emerging threat vectors. The lesson for defenders is that in the era of defined perimeters, it was fairly easy to know where your focus should lie. Today there are no perimeters and a focused defender is ready.
I can’t begin to count the hours I spent learning how attackers utilize their tool kits to breach or disrupt processing, communications, business, and commerce. A true defender thinks, and more importantly acts, beyond just getting the job done. Defenders never know where the next attack will come from. Yet, those with tenacity refuse to be surprised or caught off-guard. Your sensors alert you to a potential breach. Run it down completely. Your AV triggers on malware. Sanitize every device. DO NOT STOP.
If you don’t know what you need to know to be a true defender – LEARN it. If your approach is stale – INNOVATE. If you are all over the place and losing ground – FOCUS. And finally, you have a will; be TENACIOUS and refuse to ever be overcome or defeated.
If you’re looking for defenders to mind the walls of your organization, look for those who have a hunger to learn, a desire to innovate, a laser focus, and a level of tenacity others do not. Look for those who want to be relied on as the battle rages. Someone who is ALWAYS willing to be the last person standing.