This blog was written by Grant Bourzikas, previous CISO at McAfee.
Whether you’re racing to fill cybersecurity jobs to keep up with the changing threat landscape or support your company’s rapid growth, getting your team trained and at the top of their game is a high priority. You need to ensure all new hires are operating with the same baseline of knowledge and skills as your veterans. But at the same time, you must keep everyone a step ahead of the latest threats and attacks. By providing staff opportunities to develop their expertise as well as nurture their natural interests, you can build a team of cybersecurity professionals that form the backbone of your organizational culture of security.
One of the best ways to prepare for the unexpected is to practice. This may seem counterintuitive, but there are a variety of ways to test your teams with realistic scenarios to accelerate skill development.
Many of the problem-solving skills used in gaming translate to those needed in cybersecurity. Gamification is also becoming more frequently used to improve performance among cybersecurity employees – and is something our very own SOC team employees for creative problem-solving skills development and training. The recent McAfee Winning the Game report revealed 77% of senior managers agree their organization’s cybersecurity would be much safer if they implemented more gamification. Top benefits from using games include increasing knowledge on how breaches can occur, how to avoid being a victim to a breach, and how to best react to a breach. In addition to fine-tuning skills, games force players to be vigilant and focused, characteristics highly valued in security roles. Using gamification as part of training, and even giving credit to gaming experience in hiring candidates, can help you keep your team sharp and energized.
Simulate real threats
Using penetration testing to simulate threats isn’t a new tactic, but combining it with elements of social engineering can provide a more authentic scenario to help teams prepare. Deploying this over a realistic timeline to test your staff on detecting and responding to the latest types of cyberattacks provides insight into how they will fare in a real-world attack scenario. Craft scenarios to emulate specific types of threat actors, such as enthusiasts, organized groups, and cybercriminals, and gauge your resilience against threats like data theft, fraud, and corporate espionage. For help in developing and implementing this kind of testing, learn more about McAfee’s Red Team Services.
Think beyond your own walls
McAfee employees had the honor earlier this year of being invited to participate in a three-day cyber exercise led by the Department of Homeland Security called Cyber Storm. They joined more than 2,000 members of private industry, federal government, and international partners in a simulation of discovery and response to a large-scale coordinated cyberattack. While this event is by invitation only, it’s a great example of the kind of opportunity worth seeking out for your staff. The practice scenario strengthened information sharing partnerships among private and public sector organizations, underscoring the critical nature of these relationships.
Ensuring your team is constantly energized through positive training experiences like gamification is a new development in cybersecurity benefiting many companies. It helps teams feel motivated to continuously learn and problem solve – so they are ready to detect and respond to the latest cyberattacks. Deploying a combination of both traditional and non-traditional testing will keep you operating at peak performance. When looking to build a culture of security across your entire organization, security leaders must constantly train and invest in their teams to ensure they are inspired to live by security-first values in all that they do. A strong group of cybersecurity pros can set an example for the rest of the company.
Recruiting and retaining security professionals can be a challenge in today’s competitive environment. Make sure the team you’ve worked so hard to build gets the training they need to perform at their best.
Want to test your team’s skills separating the signal from the noise when performing incident response? Check out our interactive quiz.