The realm of cyber crime has exploded in the last decade, and with it a plethora of strategies, methodologies and technology. But what about the people working in cyber security? Here’s why I think they’ve been forgotten about, and what we’re doing about it.
Back in my software developer days, I worked on a project with Vodafone and got to spend time with a bunch of different cyber folk there. It was overwhelming – the variety of day-to-day work and skills across the team peaked my interest. My experience was in intranets and collaboration, and I approached this cyber project with that experience very much in mind – how can I make it easier for these guys to work together? How can I help them spend less time digging around for the information they need? That played a big part in my thinking as I learned about the pains of the teams and started to devise the solution.
Fast forward 10 years and I still get that feeling now. Sure, there’s a much wider range of software and technology out there to help cyber teams prevent, detect and manage cyber attacks, but I can’t help feeling that the people working in cyber are underserved.
There are lots of fancy technical solutions in the market that promise the earth, but in my experience and discussions with other cyber professionals, rarely live up to their marketing message. These can be anything from full blown GRC solutions, through vulnerability scanning and devsecops tools, right down to in-built cloud security components seen in the likes of Azure and AWS. Don’t get me wrong, some of these solutions are great! But from what I see and hear talking to InfoSec teams and leaders, the problem I saw 10 years ago still exists and a lot of people working in Cyber are pulling their hair out fairly regularly.
As great as many of the tooling today is, they still ultimately spurn out a bunch of information, and the people in the InfoSec team have to do something with it. Whether it’s downloading exports and sifting through records to go and take action, or discussing particular events with various stakeholders over Teams or email (still very much alive), the problem remains and it’s costly.
When I think about how much time I see these highly paid, highly skilled workers spending hunting down information, collating and manipulating it, throwing it into PowerPoints, emailing it around to people, I can’t help but think the time-to-value for those guys and girls is long. InfoSec teams aren’t getting the most out of these wizards – what if things could shift left and most of this boring/relentless, but necessary work could be taken off their hands, so they can utilise use their skills earlier and have a bigger impact? That’s the dream, and that’s what we’re helping some great organisations do through Zerodai.