I come from an IT operations background. I was a “good security neighbor,” which led me into the security sector, where I learned most of what I know today by osmosis. That process was not always linear and not always easy. Security rarely is. Dedicated mentorship may have expedited my transformation from InfoSec “n00b” to quasi-ninja.
With young (and not so young) professionals entering our field, there is a lot of learning to do. That means there is also a lot of mentoring to do. The “learn-by-osmosis” method shouldn’t be the primary vehicle for learning (though it certainly has its role.)
When we get a question across our feeds, sometimes it is security-101-type stuff. And while that can be frustrating, it’s an opportunity for “senior” professionals, like me, to be less: “Get off my lawn” and more: “That’s a great question. Let me show you how I think we might be able to solve that problem.”
It’s no secret that one of the biggest issues to address in security right now is “the people.” We hear it all the time. “There isn’t enough talent to keep up!” “Where are all the security workers?” “Do we have the right people in the right seats?” “Do we even have ENOUGH people in security?”
In my view, security is the new IT. IT has budget, it has tiers and it’s part of the overall business model. Similarly, adversaries have budgets that support multiple tiers of their businesses. Yes, I said “businesses.”
To compete and move past these adversaries, we should not only be investing our budgets into the lower “tiers” of our security programs but our mentorship and our time as well. Tomorrow’s security leaders are probably asking the security-101 questions today. Spend some time with them. Help them learn. Even if their questions are standard security stuff. Help them find their security “DNA.”
If you are a Bit9 + Carbon Black partner, customer, or qualified prospect, please come join me in our online community, in the group called “Security Workers of Tomorrow.” And if you’re not, I encourage you to drive this conversation in whatever communities and forums you participate.
We need to build a new kind of informed workforce. This year, let’s start brainstorming and laying the foundation.