Defender DNA: What drives cyber analysts to greatness?
How to assemble a team with the skills and qualities needed to outpace today’s evolving threat landscape
We are defenders. It’s in our DNA. While defending cyber interests globally we’ve developed a skilled team, advanced capabilities and a proven framework to proactively protect what matters most. Our solutions promote a mature cybersecurity posture.
Cybersecurity motivates our entire Leidos Cyber team. It’s in our DNA, as they say. We know we’re in a constant battle with our cyber adversaries – those individuals attacking our network and our clients’ networks – and we have the utmost desire to stay ahead in that battle. We revel in the idea that we can detect even the most sophisticated of attacks, at any stage of the Cyber Kill Chain®. And we’re tirelessly motivated to not fall behind in our battles with these adversaries.
What We Look For
This cybersecurity domain is a cat-and-mouse game, as everyone knows, and it never ends. Attackers continually create more advanced exploits and delivery techniques, and defenders continually create more sophisticated defense mechanisms and intelligence to drive them, to prevent future attacks from being successful. Our cyber team thrives on observing and detecting sophisticated adversary attacks, using a consistent and repeatable analysis framework to completely exhaust intelligence gained from analysis at every phase of the Cyber Kill Chain to evolve our defenses and thwart future attacks.
What We Live For
We live to do things like develop sophisticated means of detecting adversaries where it hurts – their TTPs – things that are difficult for them to change. We’re constantly on the lookout for that next attack – the time when all but one adversary tactic we’ve just uncovered from our in-depth analysis changes, and we now detect that one, newly discovered, unchanged tactic as they attempt to evade our defenses yet again. (We saw that, Mr. Adversary… nice try, though.) That’s the feeling we live for – those “aha!” moments when we detect an attack, or uncover new and interesting ways our attackers attempt to evade our defenses, only to use that new attack discovery and all of the intelligence we generate from analyzing it against them for future attempts. We’re ruthless like that. Then we start the cycle over again, mining all of the data available from this latest attack with all of its changes, to add even more detections to our defenses.
What We Design For
We design defensible networks, we passively monitor, we actively block, we generate new intelligence from complete analysis of real attacks to improve our defenses, and we automate as much as possible to ensure our analysts can focus their time on what really matters – outpacing our adversaries and focusing our time on proactive remediation instead of spending time scrambling to react to successful attacks. This is how we get ahead in this game and how we stay ahead. It’s what keeps us up at night, and that’s extremely important.
How to Foster a Team of Defenders
Staffing a nucleus of advanced cyber analysts is a key component to evolving SOC operations to respond to today’s evolving threat landscape. The talent pool of classically trained cyber analysts is small and recruitment is competitive. So how do you assemble the right team?
- Understand the key players you’re looking for. Staffing the analyst nucleus can create a strong foundation to build the team and culture that promotes success. Find people with the right technical and non-technical skills to establish that relentless drive to learn from attacks and outpace adversaries. This nucleus sets the tone and will be pivotal in strengthening the defender DNA.
- Cultivate a team from within. Armed with an understanding of what makes a good analyst, take a look around the organization, rethink your job postings, and take another look at the stack of resumes – rock star analysts can come from unexpected places. Look for candidates with an inquisitive nature, a passion for learning, and a relentless work ethic. Strong technical skills can go a long way, but oftentimes aren’t a substitute for the defender DNA.
- Train the ones you’ve got. The threat landscape never stops changing, which means defenders must never stop learning. This happens constantly as defenders defend, but it can also happen in more formal settings. EXCITE® training, an offering built from our own experiences arming cyber analysts and defenders with the skills needed to be successful, can jumpstart and help push defenders to the next level with frameworks that encourage investigation and discovery and the tools to perform it effectively. Training also sets a standard and offers a common vocabulary and structure within which to collaborate, further solidifying the foundation for defenders to build on.