Last week I wrote about a powerful, non-technical cybersecurity tool - RSS Readers. I’m sticking with the theme of non-technical cybersecurity tools today, focusing on the most important one of all. That is our mindset, the way we approach our work in cybersecurity. I tend to think about this in terms of what value we are bringing to our team, how we are continually improving our knowledge and skills, and the happy crossover of those things.
I’ve got a short list for this topic, but everything on it is pure gold level advice. And of course you should have a (very) skeptical mindset about that statement and make your own call on how accurate (or not) that is. Anyway, here’s my Cybersecurity Mindset short list:
Spend time learning your organization's environment - as it does in penetration testing, this means the people, processes, and technologies.
Spend time learning the cybersecurity tools - the ones you will work with daily in your role, and as much about others used by other teams within cyber as you can.
Learn what's normal in the organization - what applications are in use, how the network is structured and segmented, and which teams and individuals you need to interact with most often (knowing who to talk to can be half the battle in getting something done).
Most of all, learn what normal user behavior and actions look like - which users or teams have legitimate IT admin roles and use IT tools and commands that fit an admin role, for example.
Develop a logical, troubleshooting approach when working on an issue or monitoring alerts. A non-cyber example of this would be a network issue where a user cannot connect to the company network. We start with the physical - checking that the network cable is seated firmly in their computer’s network port, and that the patch cable for that network drop is connected in the patch panel, and if those are good, moving on to potential network configuration problems on the PC.
Make use of relevant context here as well. There are not a whole lot of coincidences when it comes to cyber or IT problems. If a network server just had a new application installed and shortly afterwards exhibits “not normal” behavior or lags in performance, looking at the new application is the starting point.
Be curious - learn from talking with people in other areas of cyber and from people in IT, OT, the network team, and cybersecurity and digital architects.
Be a team player - don't hoard knowledge to try to become a star.
Always be learning - read, watch webinars, take training opportunities whenever you can, and follow smart people at work and outside of work.
Learn about generative AI tools. These are already having a huge impact in the cybersecurity field and in just about all aspects of our work and personal lives. I believe we are already at a point where the job candidate with some AI knowledge will get the job over candidates who don’t, and the same goes for getting promoted. More on this here:
That’s my Cybersecurity Mindset list. What’s yours? What would you add or take away?
Patrick, you are absolutely correct! Your daily - hourly - mindset is a key tool for one's success as a security professional. Well done!