There is no “one size fits all” approach when building or
re-building a high performance cyber security team.
The team that you build depends on the cyber program that
you currently have, the industry that you are in, and the type of program that
you want to build.
The definition of success for a security team in a regulated
industry may be very different and require a different set of skills than a
security team in a less regulated industry.
Same with a team starting with a program at a low level of
maturity compared with a high level of maturity.
More choices than coffees at a coffee shop.
If you haven’t known great cyber practitioners, get out and
meet some. They are the ones with the thoughts, critical thinking, and
solutions even when the issue is undefined, and smoking, and hairy.
So, don’t just copy job descriptions.
Or assume that each candidate with the same certs are the
same.
Be purposeful about what you need.
Be decisive when you find it.
After all, a crazy good security program isn’t going to build
itself.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment