Your Kid’s Sports Team Is Better Managed Than Your Cyber Team
By James Gorman, CISO, Authx
Your Kid’s Hockey team has better management than your Cyber Security team. Really, I am not kidding. How do I know? Let’s start with – your kid’s team has a coach, a plan, a practice schedule, and goals. Can you honestly say that about your Cyber Security team?
Your kid’s hockey team has a coach who has some level of competency. In USA Hockey, coaches have to be at a certain level; for most, it is a level 3, which makes sure they have a base knowledge and understanding of the rules. In most organizations, there is not a specific person designated to be the “coach” of the incident response team, nor is there a clearly defined person who will quarterback the incident response team. Is your lead technologist also the Incident Response Manager? Is that the right mix of responsibilities? There is nothing worse in the thick of an incident than not knowing who is in charge or who has the authority to make the difficult calls. Also, most of the kids I used to coach had outside coaches to help them improve the basics. So you need to have designated roles and responsibilities, an experienced coach, and outside trainers to reach the management level of your kid’s hockey team. Outside and ongoing training and a culture of learning are critical to growing Cyberteams. How is your team stacking up so far?
Your kid’s hockey team has a game plan – or a playbook. They know where they are supposed to line up and what the objective is, depending on the game circumstance. In most organizations there is no formal plan, or worse, the plan sits on a shelf, file server, or website, and no one has looked at it since a contractor wrote it for an audit that happened so long ago that the person or consultant who wrote it is on their 3rd job since the audit ended. Without a plan, when the time comes to respond, there is chaos. People with no direction waste valuable time and fail to minimize or eliminate the impact of an incident and its cost to your business. A viable plan is critical to the timely execution of your cyber defenses.
All kids’ teams have a practice schedule. If your kid’s team said “nope, no practices, just games,” you would expect it to lose every time to teams that practice. Your Cyberteam needs to have a regularly scheduled practice. At a minimum, you need to exercise the incident plan with a “tabletop” simulation at least once a month. The boilerplate template you used for your Incident Management Plan likely calls for an annual test of the plan. In today’s rapidly changing IT environment, you should exercise the plan and update it with lessons learned every month. The Cyber Hackers are out there, and every day they are knocking at your doors. What you do at the outset of an ongoing attack will mitigate the lasting effects. If you stumble or fumble initially, you beg for lasting consequences and maybe even front-page news. Just ask the teams hit by some of the recent highly publicized hacks.
All kids’ teams have goals. When I was coaching kids’ teams, I would have three goals for a game. Usually, the situational goals had to do with scoring first, not taking any penalties, or winning 51%+ of faceoffs, with the overarching aspiration being the main “goal” – having fun. For your Cyberteam, your overarching goal should be to StayHackFree – remember, it is not a goal – it is an aspiration. Each month you should have situational goals for your team. For example, one month could be improving the amount of Endpoint Protection deployed. Another week it could be who can find the error in the incident response plan. Consistently looking for ways to strengthen your threat posture or reduce your organization’s attack surface is the point of the situational goals. It would be best to have situational and overarching goals, but goals need to be tangible, measurable, and specific.
So, to sum up: use the model of your kid’s sports teams to vastly improve your cyber defense posture. There is no reason not to have a point person or coach lead your incident response team. You must have a plan and know where to start before an incident happens. Frequent practice sessions and tabletop exercises with lessons learned are a must. Setting situational goals to improve your defense posture is critical to being prepared for all comers. Get a coach, get a plan, practice the plan, and have goals to StayHackFree.
About the Author
James Gorman CISO, Authx
James is a solutions-driven, results-focused technologist and entrepreneur with experience securing, designing, building, deploying and maintaining large-scale, mission-critical applications and networks. Over the last 15 years he has led teams through multiple NIST, ISO, PCI, and HITRUST compliance audits. As a consultant, he has helped multiple companies formulate their strategy for compliance and infrastructure scalability. His previous leadership roles include CISO, VP of Network Operations & Engineering, CTO, VP of Operations, Founder & Principal Consultant, Vice President and CEO at companies such as GE, Epoch Internet, NETtel, Cable and Wireless, SecureNet, and Transaction Network Services.