The perfect recipe for a top-notch cybersecurity professional
Gumbo is a dish that has certain core ingredients that all dishes must have but also other ingredients that make it special. Much like gumbo requires stock, roux, okra, filé powder, meat and/or shellfish, celery, onions, and bell peppers; excellent cyber security specialists must, in my opinion, be able to work with Nessus, Nmap, have knowledge of cloud security, Splunk, and SNORT.
Additionally, they must have business and personal skills, demonstrate multidisciplinary and multi-dimensional thinking, have a drive to learn, and most importantly, have integrity.
This is how we must create our cyber specialists, by creating cyber gumbo.
In this evolving technically connected world, no profession is more needed than top-notch cybersecurity professionals. But how can you build what is in great demand?
This is a great question and one that I have a recipe to create for the ultimate professional. I understand that others may have a different recipe, but this one is proven to please the palates of customers around the country. Please note that as with any great recipe, you must have the right ingredients, but the order of adding them to the mix may depend on other circumstances such as the problem being solved, the technological environment, and business climate.
From a technical perspective, every cyber security professional must have a few core ingredients. The first ingredient is a tool such as Nessus, which is for network vulnerability scanning. A cybersecurity professional must be able to use this tool to gain an understanding of critical and high vulnerabilities within a network and provide remediation strategies to improve boundary security.
The second would then be Nmap, which is a network mapping tool that allows cybersecurity professionals to map the boundary of a network to research vulnerable points of that same network.
A new ingredient that has become more necessary and commonly used in the last few years is the knowledge of cloud security. Technical knowledge of cloud architecture enables cybersecurity professionals to focus on Identity management for cloud systems and accounts.
The final two core ingredients that must be a part of this gumbo is Splunk or similar SIEM (Security Identification and Event Management) technologies and intrusion detection tools such as SNORT.
Additionally, incorporating the ingredients encompassing programming skills and bash scripting facilitate the understanding of programming languages. This allows professionals to conduct malware analysis during investigations.
All of these ingredients are essential to the creation of a cyber professional, but to make a truly great cyber professional, you must also incorporate the business and personal skills to the mix.
One of the first ingredients that you must add from this category of ingredients is intellectual curiosity. To prevent a cyber-attack, one must anticipate vulnerabilities, attack strategies, and areas that others would not ordinarily regard.
Another ingredient that must be added to the mix is tenacity and confidence. I believe a cyber professional must imagine the attacker and see them as a threat to all that the cyber professional is protecting. This ingredient is critical to ensuring that the posture of the cybersecurity professional is one of aggression, confidence, and proactively preventing attacks.
After adding these two ingredients, a heaping amount of multidisciplinary thinking must be added and mixed in thoroughly. The new cyber professional must think about the value of information.
I need my cyber professional to think about what data is most valuable and to whom. I want my cyber professionals to think about laws that could be leveraged (e.g., Healthcare), transactions that could be made (e.g., stock trades), or information that could be used to shift the fortunes of businesses and politics.
We now need cyber professionals who want to read the Wall Street Journal and Cyber Magazine, while watching CNN, Fox business, and CSPANN. Why is this ingredient so key? It is needed to keep the cyber professional always thinking about the direct and indirect targets. Remember, the indirect targets lead to the richness of the direct targets.
Like most good cooks, one must taste the gumbo to see what is missing. If one tasted this mix, we would see that a few ingredients are still missing and therefore, must add to it creatively.
The attackers know the technologies used by our cybersecurity professionals to protect us. So, why would they attack using traditional methods? As creative as the cyber attackers can be, we must create cyber professionals that think multi-dimensionally. This ingredient allows our cyber professional to see a printer, camera, refrigerator, and oven as a threat.
Another key ingredient to my mix is the ability to learn. I want someone who is not satisfied with a certification but wants to read, share, mentor, and be mentored by others. I want my cyber professional to want a lab to experiment while having an insatiable desire to dissect an attack that succeeded.
The last ingredient that holds the entire mix together is integrity. A cyber professional without integrity is a disguised hacker. It is the one thing that separates the ethical from the unethical. As we say at Enlightened, integrity is doing the right thing when no one else is looking.
To make the ultimate cyber gumbo, mix these ingredients together well. Then place the mixture on the stove called the job, next to a mentor that can show them how to take the heat. You must be patient with the mix and allow the heat to cook as necessary. For the last cooking instruction, please remember that the heat does not need to be turned down, but always watch and turn the cyber professional such that they are not burnt (out). If heated well and thoroughly, you’ll have cyber gumbo that meets your needs.