Building the Security Team of Today and Tomorrow


Technologies such as mobile, social networking, analytics and cloud computing are changing the security landscape, and security technologies are rapidly evolving to address that change.

It’s not just the technology that needs to change, however: security teams need to change as well.

EMC has evolved and must continue to evolve our security team to effectively combat the threats of today and tomorrow. The core skills essential to expand include business engagement and awareness; a consultative approach; the ability to sell or “market” security; and creative control design for the mobile and cloud-enabled world of tomorrow.

Another key group of skills that I recently had the opportunity to discuss at our RSA Global Summit is advanced security and defensive operations. shutterstock_167789336-300x169

Over the last few years we’ve developed a state-of-the-art Critical Incident Response Center (CIRC) at EMC. A large factor contributing to our success is the team that built, evolves and operates it. Sustaining the protection the CIRC provides depends on our ability to leverage the model we have used to date.

First, we built a solid foundation. We established a base of skilled practitioners with deep knowledge and years of experience in this area. These proven leaders hold another critical skill as well–the passion to educate and mentor.

To maintain that foundation, we must:

  • Provide career paths, advancement and opportunity
  • Pay competitively, although money is not enough (though it does help!)
  • Create professional development opportunities
  • Provide industry visibility through participation in forums and industry organizations
  • Facilitate and support true bi-directional information sharing
  • Enable innovation
  • Address their frustrations and remove roadblocks to support their ability to provide the best defense possible.

TeachingWe build on that foundation by introducing new talent —energetic, smart, eager-to-learn, self-starting, inquisitive, confident, persistent problem-solvers— into entry-level positions. Using this combination of mentorship and on-the-job training, we shape incoming talent into the practitioners of the future.

So where do we find these people? There are several sources where we have had success.

First, we look to college hires and interns. We find them early, train them, and make them part of the family. We try to keep them engaged by keeping them employed during the school year and then pulling them into entry positions when they graduate.

The other significant source we have is from cross-training IT operations team members. These professionals bring not only technical knowledge and key skills, but information about the IT infrastructure and connections across the IT team who can provide answers and speed actions.

CSOs from smaller organization may ask, “I can’t afford a large, dedicated response team like EMC’s.  What can I do?”

Scaling the CIRC function down into smaller teams requires compromise, simplification, automation, and using services for commoditized components. It’s essential to focus on delivering high-value tasks—those that map and tune the protection to the enterprise, such as incident management and response—with internal resources. Tasks that enable you to govern and evolve the level of protection remain inside as well, as do those that ensure that service levels are met. Commodity tasks such as first-level response and malware analysis can be delegated to service providers.

A critical issue to think about in any program is how to scale the response when a large incident occurs. It’s important to have an existing relationship with a provider and an understanding of how you will work together. The last thing you need at a time of crisis is for people to lose focus because they are battling over roles.

One last, essential area to consider is data science—a skill set needed to take full advantage of analytics. Analytics will increasingly be built into security technology, but near-term and for specific scenarios we need access to this scarce and often high-priced skill set. Whether you find this talent in other areas of your business or through external partners and providers, the key to success is to partner your experienced CIRC analysts who understand the threat with this analytics talent. Together they can provide crucial insights into your data and environment.

As you build and evolve your team, keep in mind that the best security technology is only as strong as the team that uses it.

This blog originally appeared on EMC Reflections Blog.

Continue Reading
Would you like to read more like this?

Related Posts

Transforming the Workplace

Workforce Transformation is one of the four key ‘Transformative’ messages that Dell EMC is taking to market, along with Digital Transformation, IT Transformation and Security Transformation. So it’s key that … READ MORE

Dell EMC Partner Post Blog October 19th, 2017
Click to Load More
All comments are moderated. Unrelated comments or requests for service will not be published, nor will any content deemed inappropriate, including but not limited to promotional and offensive comments. Please post your technical questions in the Support Forums or for customer service and technical support contact Dell EMC Support.

One thought on “Building the Security Team of Today and Tomorrow

  1. Pingback: The CIO and the CISO: Evolving Security Together | EMC IT Proven

Comments are closed.