There are many myths in the world of cyber and network defense, especially when it comes to creating a top-notch organization. A recent Boeing blog post seeks to dispel the most common ones.

A recent Boeing blog entry discusses the myths related to building world-class network defense organizations. It summarizes how Boeing’s cyber-security arm has helped many organizations across the globe enhance their cyber-security posture. In reading the article, it got me thinking about my own 15+ year experience in the cyber-security realm. I really think this quote from the blog summarizes everything:Our own experience has taught us that alignment between processes, technologies and people is the exercise to identifying distractions and implementing focus.”All the best cyber-defense technology in the world won’t help you if there is no alignment between people, process AND technology. But, as the blog points out, there are some myths that seem to hold-back organizations from reaching their potential. Each myth provides its own case study to provide concrete example of how the Boeing team helped and organization change their mindset. The three myths are as follows:

  • Myth #1: “We have smart people. We can wing it. No framework or processes necessary.”
  • Myth #2: “Customizing our tools for increased visibility will create more noise for our already over-allocated team.”
  • Myth #3: “Network defenders are all cut from the same cloth.”

Additionally, the blog provides some additional insights on people, process and technology which I think are worth sharing.

  • “The truth about people: Process and technology can be taught but a hunger to keep learning is a gift. Focus on hiring talent that displays an analytical mindset.”
  • “The truth about processes: You can outpace your adversaries if you all focus on the right things.”
  • “The truth about technology: More visibility means more opportunities for focus.”

For further advanced reading on this, to include the following technical topics:

  • CND
  • SIEM
  • Log collection
  • Threat Correlation
  • Vulnerability Analysis
  • Fusion Analysis
  • Much more

See Mitre’s free ebook about building and running world-class cyber-security operations centers.

Questions to consider:

  1. Do you agree with the myths?
  2. What myths would you add to the list?
  3. What are you doing to drive focus and clarity of mission in your cyber-defensive organization?
  4. Are you hiring the right talent for your organization?

V/r
Kevin

References
Image: http://www.intellectualpoint.com/blog/wp-content/uploads/2016/03/SOC-and-NOC.jpg