Friday, August 15, 2014

Help Wanted: Top-Notch Security Professionals (a manifesto...kind of)

My thoughts on what a top-notch security professional looks like. Contact me if you think you are this professional, or you want to become this professional :-)

Is expert in the field of threat intelligence and response, deeply knowledgeable of a wide range of technologies and methods for collecting and acting on threat intelligence. Is expert in networking protocols. Is capable of rapidly crafting custom detection signatures to detect attacks for which no signatures exist. Is capable of creating custom threat intelligence and response systems to fill gaps where commercial systems are sub-optimal or non-existent. Is expert in identifying attacks within network traffic, effectively filtering signal from noise such that false positives and false negatives are very low. Is expert in navigating complex enterprise computing and network environments. Is able to discern the magnitude of threats. Is competent in analyzing large amounts of data and building software to automate analysis.

Is self-motivated, requiring only high-level strategic direction. Does not require day-to-day instruction. Knows what needs to be done based on the strategic objectives, the actions of the threat actors, and changes occurring in the environment. Initiates projects to progress the effectiveness of the threat intelligence program, inventing and enhancing threat intelligence systems and methods. These systems and methods serve as the foundation through which others fulfill collection, detection, analysis, and response work. Is a source of strong program and technical influence to others in the team. Mentors others in the team in the craft of threat intelligence and response. Has strong connections in the financial threat intelligence industry and leverages those connections to gain better intelligence and to learn better methods of threat intelligence and response. Is an effective communicator, both verbal and written.

Is highly productive in detecting and responding to threats and in creating frameworks that improve the effectiveness and efficiency with which others detect and respond to threats. The ability to context switch rapidly is a must.

Typically has 10+ years in information security, with three or more years in threat intelligence and response. Is highly competent in the skills necessary for effective threat intelligence, including network routing, network protocols, system engineering, protocol analysis, attack signature development, coding, and data analysis.