Cybersecurity is a Team Sport

The security team’s job gets easier when everyone understands the risk

Teri Radichel
Cloud Security


2nd Sight Lab’s mission is to help organizations prevent and reduce the cost of data breaches. That’s why we post cybersecurity and cloud security blogs, I wrote a cybersecurity book for executives, and we teach cybersecurity to organizations that want to improve cybersecurity across the board.

We are working on a class for individuals with basic cloud security and no labs that anyone can take. However, if someone is telling me that they are the only one in the company to which the information in 2nd Sight Lab cybersecurity training is applicable, I become concerned for the well-being of that organization from a cybersecurity perspective. A comment like that led me to write this post: Cybersecurity is a Team Sport. I want to help others understand that you cannot do it alone in cybersecurity. It is impossible. That is one of the main reasons we teach our classes to teams.

If you are the only one who understands cybersecurity in your organization and how to improve it, you will fight an uphill battle from many perspectives. First of all, you won’t be able to convince people to take the right actions because they won’t understand the risks. They also have different objectives, perspectives, and priorities. Next, you’ll be fighting with product and program managers who want to ship and to whom cybersecurity just feels like overhead. When you do create a policy, you won’t be able to enforce it because people will rebel and top executives won’t understand why it matters.

Developers need to understand cybersecurity before, during, and after building something. They also need to understand why you need a separate security team. They need to and can understand threat modeling when designing systems and applications.

Testers need to understand what to test when it comes to cybersecurity. There is no reason a QA team cannot test for basic cybersecurity flaws and vulnerabilities. They have just not received training to do so.

Managers need to make better decisions when it comes to cybersecurity instead of letting people do whatever they want for the sake of getting the job done.

Executives need to understand and be able to measure risk at a basic level so they can help enforce effective cybersecurity policies and incentivize cybersecurity in ways that still allow the organization to thrive and innovate.

Everyone needs to understand How to Think About Security. Build a cybersecurity culture in your organization.

You can’t argue with people in the five minutes you have to convince them to do something in a way that won’t produce a cybersecurity gap. Cybersecurity is not a five-minute explanation or discussion. Once people have more information about the risks that come from their actions, they tend to make better decisions (but not always). You’ll have a better chance, though, if people are well-informed.

One example I always use in class is a luggage scanner at an airport. It’s annoying and slows you down. But once everyone understands the risk — someone may take a bomb or a weapon on a plane — they are more apt to accept the additional overhead.

The other bottom line is that it’s not cost-effective for 2nd Sight Lab to train one person due to how we teach our classes. We build out a separate infrastructure for each session. That provides a more secure environment for the organizations to whom we teach. We also have people test our labs and edit our materials. It costs a lot of time and money to produce high-quality classes, as explained in another post.

We are also pragmatic and have enough experience to understand people and what will happen when we deliver our materials to a general audience. Although we have written into contracts with organizations, and into the legal agreements students accept when they sign into our class portal, that they agree not to share the material, I know of many cases where that happens with my competitors’ materials and my own.

People take class materials back and share them internally at companies. You can even find the materials for sale on eBay. No matter what you do to protect written and other types of content through legal means, people steal it or share it anyway — even though they are taking a cybersecurity class in a field that is all about trust.

I recently saw my cybersecurity book existed for free on a site. Really?! It only costs $9.99 on Amazon for the Kindle format! The website took it down when I flagged it, but that is very disheartening. You put in a year of your life, and that individual could care less. I’ve heard other instructors talk about taking classes from other people and then sharing it in classes I took. So I know that as soon as someone hears what we say or reads what we write, they will be using it for their own purposes — intentionally or not, with or without crediting the source.

For our purposes, we deal with this by only teaching for a dollar amount to credible organizations. If someone is going to steal it, we at least got an acceptable amount of money that makes it worth the time and effort. It is easy to tell who exposed the materials if they surface since each class is updated and slightly different.

That said, if you are taking 2nd Sight Lab classes and not going back and informing others within your company what you learned, then I would hate to have you take our training and waste your money. The information, though not the specific class materials, should be shared within the organization that paid for the training. Students should take them back and create policies and hold internal training sessions to inform people about cybersecurity risks and raise security awareness across the board.

Those are the reasons 2nd Sight Lab teaches our classes to Teams and Organizations instead of individuals. We want to help companies prevent data breaches, not simply inform one person so they can get a new job. There are other sources for that type of training. And that is an excellent decision for an individual. I did it and highly recommend it if you want to move into cybersecurity, and your company won’t arrange a class through 2nd Sight Lab.

You can find many resources, including cybersecurity degree programs at universities. Some of those options did not exist in the past. Perhaps one of those universities will pick up the 2nd Sight Lab class content to reteach it in the future. Who knows? We may be able to justify that under certain circumstances.

For now, we teach to teams at organizations who need to work together to stop data breaches. Our classes may also provide the most value to organizations, considering the cost of some other security classes. For the same amount of money, you can train more people and strengthen the cybersecurity culture at your organization. We cover a lot of ground in our classes. I hope you will be able to join us in a class soon!


Teri Radichel | © 2nd Sight Lab 2021

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab