
How a Dedicated Focus on Clarity Can Relieve Disorganization, Distraction and Confusion in Infosec

2019-01-30 16:10:28
Ryan Murphy
www.carbonblack.com

clar·i·ty

/ˈklerədē/

noun

the quality of being coherent and intelligible.

“For the sake of clarity, each of these strategies is dealt with separately”

synonyms: lucidity, lucidness, clearness, perspicuity, intelligibility, comprehensibility, coherence

It’s been three years on the road. Meeting with teams of all sizes and shapes. Teams with lots of money and people. Teams with one hand tied behind their backs and still swinging against the adversaries. It’s been crazy, rewarding, enlightening and one of the best learning experiences of my career. I get to learn so much from teams out there. So what makes the difference between a team that’s proactive and has a handle on prevention, detection and response and one that doesn’t? For me it comes down to clarity.

The teams that seem to be positioned the best have a clear mission, vision and strategy to achieve that vision. They have looked within and without for guidance and done some infosec soul searching. They may have found the following to be true in their programs.

There is disorganization.

Disorganized people, process and technology. Maybe it’s too many things and not enough documentation. Maybe it’s too much data but no way to organize it. Maybe the program was strapped around an already disorganized organization and then this bled through. Whatever it is, we should be critical of our programs and look to drive out disorganization.

There are distractions.

You can see this manifest itself all the time in programs. A new attack happens and the team loses focus on the current set of goals. New research is released that may or may not be pertinent to your environment and the team gets distracted. A headline hits the papers and now you have to go have a meeting with leadership to explain why this may or may not happen to you. Alerts that are meaningless come in and it’s a big bowl of nothing, but you just spent three hours to figure that out. Some new vendor made a new thing and now you want to see if it will solve your problem. Focus on what’s important to you and your program, not what’s important to everyone else. Focus on the mission and vision. Align work accordingly. Work to have your team “left alone” when they need to work.

There is confusion.

You see this all the time. Lack of clear communications. Lack of strategic goals. Lack of priorities. Teams and (oftentimes) organizations are left confused by our plans and tactics. When you can’t clearly articulate where all of this is going, people get confused and don’t want to participate. Do you have clear goals and clear dates? Do you speak with clarity? Do you train your team on effective communication strategies? I believe we have lots of work to do on our messaging and communications to be more effective as a group. After all, if you think about it, we have been telling users to rotate passwords for at least 30 years, and has it really had the impact we have wanted?

I love what Deepak Chopra has to say about these three legs and how we can get out of that world:

Let’s unpack these together and adapt them for our infosec programs:

Disorganization is solved by throwing out non-essentials and tending to the important things first.

I see teams work in this world all the time. If I am being perfectly honest with myself, I too have run in this world. Important long-term goals take time and patience to achieve, and sometimes we literally just want to accomplish something that makes us feel like we accomplished something. We dive back into something easy instead of leaning in to the essential things that do take time and effort. Changing a culture is hard. Changing people is hard, but aren’t those the big changes we need to even have an effective program? Put down the small infosec things that don’t move the needle. Instead focus on the bigger picture and tend to the important projects that move the needle the most. Multi-factor authentication pops to mind for me on this one.

Confusion is solved by getting your priorities straight.

Similarly and closely linked to disorganization is confusion. We have to be extremely clear about our vision and our missions. We need to set clear achievable goals for our programs, our teams and our organizations. Do you currently know what the definition of success for your program is? If not, start there and come up with strategic priorities that rarely move. Stick to your strategic plan. There are plenty of resources on the net available to help you with strategic planning.

Here’s a good place to start: https://www.balancedscorecard.org/BSC-Basics/Strategic-Planning-Basics

Distraction is solved by getting better at focusing your attention.

I think this is easily one of the hardest things to eliminate from your program. It will take a team to maintain focus and know that sometimes you have to let things drop. That latest research - you may miss that for the sake of accomplishing a project. The drama on Twitter about DerbyCon - you might have to miss that too. That cool new attack that hits Linux and you want to know what it is and how it works but your shop is Windows and Mac - yeah, you may need to just skip it. This is incredibly hard as a team. This is hard as a human.

We have a device in our pocket that constantly notifies us. You may pick it up to read an email and end up losing an hour. A business leader may send an email asking you about something that has nothing to do with a real security issue, or it may, and guess what: your whole schedule changes on a dime. This is a disciplined practice and to be successful I think you need to make it a core tenet of your program. You, as the leader, will need to be disciplined in your approach to help show the rest of the team this can be done. Find your infosec true north and keep marching towards it. Be OK that you are going to miss some things. Don’t worry about a fear of missing out. If someone asks, respond with: “yeah we were busy working we didn’t have time for that.”

Minimize Disorganization, Confusion and Distraction. Look to align your technology choices the same. Do they help minimize those or add to them?

These are common themes I see for teams out there. Hopefully taking some time to reflect on your own program helps to provide you the clarity you need to drive your program.

The post How a Dedicated Focus on Clarity Can Relieve Disorganization, Distraction and Confusion in Infosec appeared first on Carbon Black.