We all have our favorite places, whether they be restaurants, stores, parks, museums, or something else entirely. One question I sometimes ask myself is how I originally learned of a particular place. Sometimes, it is because a friend or colleague recommended it. Other times, I spent some time researching and came to the conclusion that a given place was worth a shot. And yet, in some cases, I simply stumbled onto a great place accidentally.
So, is stumbling onto a great place an art, a science, or a complete stroke of luck? And further, what does this have to do with security? Let’s explore these questions as we seek to understand five reasons why the art of stumbling onto a great place can teach us how to improve our security programs.
1. Foster the right environment: There are exceptions, but most great discoveries happen when people are given the latitude to be creative. As an example, consider the discovery of plastic. Most of us would find it difficult to imagine modern life without plastic, however, its discovery was completely accidental. There is an analogous situation in security. A clever security professional working in the right environment with the right tools and data can discover amazing things. A lingering intrusion that may have previously gone undetected. A new way of approaching a long standing issue or challenge. A better technology to improve workflow and efficiency. Granted, any security organization has a long list of tasks that need attention, and no one can be given total freedom. That being said, it is important to find areas where members of the security team can be given the necessary room to discover great things.
2. Check for cars in the parking lot: My Grandfather once gave me a great piece of advice. He told me, “never eat in a restaurant that has no cars in the parking lot.” One secret to making great accidental discoveries is to look for informative clues. The same is true in security. Perhaps there is some new network traffic pattern that just doesn’t seem to make sense. Or perhaps a given process has slowed or ground to a halt. Or perhaps a particular control has become quite cumbersome, pushing people to look for ways to bypass it. In these and other situations, a small clue can tip the security team off to a larger issue that needs to be investigated, understood, and addressed. This requires being alert and tuned into what’s going on around us.
3. Examine operations with a critical eye: Whether I’m looking at office space, a restaurant, or an event space, I always check out the bathrooms. What is my reasoning for doing so? Bathrooms are exposed and public-facing. While not everyone can enter the management area of an office space, the kitchen of a restaurant, or the command center of an event space, everyone has access to the bathrooms at all of these places. In my experience, if a bathroom is dirty, out of supplies, or not properly maintained, it correlates strongly with how well or poorly a place is run. The same is true in security. How well a security program is run correlates strongly to its success. If there are signs that the security program is not particularly well run, they need to be addressed. Otherwise, the security program will most likely continue to struggle in achieving its goals.
4. Check out your surroundings: While there are surely some great places in some pretty awful neighborhoods, a place’s surroundings are often an important clue as to whether or not it is a wise choice. A security program’s executive leadership, peer group, and stakeholders influence it tremendously. If those influences are focused on the appropriate strategy, provide the necessary resources, enrich the team’s capabilities, and encourage progress towards achieving goals, they can help the security team tremendously. However, if the security team’s surroundings are decidedly lacking the proper support and encouragement, it’s unlikely that the security team will be able to achieve its goals.
5. Look at the clientele: Did you ever walk into a place and get the creeps from the people hanging out there? You’re not alone. It’s usually a good hint that you might want to keep moving. The people that associate themselves with a given place say a lot about the place itself. If the security team is not full of dedicated, talented, and hard working staff, it will be difficult for it to move forward and make progress. Further, aside from the qualities and capabilities of individual team members, the team needs to work together efficiently and constructively. If not, it’s a strong indication that the security program is not on track. This also speaks to the importance of both recruiting the right talent and retaining it once on board.
Stumbling onto a great place is really an art if you think about it. Setting up the right conditions and environment is central to the art of successfully finding a great place accidentally, and all five points are necessary. If any of them are missing, it can throw everything off balance. Similarly, in security, if we want our respective security teams to master the art of stumbling onto great findings, we need to create the right surroundings to foster that.
Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently Co-Founder and Chief Product Officer at IDRRA and also serves as Security Advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
Tags: 
