3 Tips For Building a Strong Cybersecurity Operations Team
1. Build Clear Communication Strategies
Organizations should establish internal and external communication pathways for passing on information regarding breaches. Higher education security teams need to know when to contact the university president and other top administrators, as well as other IT personnel, contractors and non-IT related employees.
For external audiences, IT security teams need clear protocols that define when and how to inform external counsel, students and the public. As an administrative backup, these instructions should be printed on paper and distributed to key stakeholders.
2. Practice Detecting and Responding to Threats
The Center for Internet Security offers free exercises in which teams can practice responding to scenarios such as malware infections and cloud infiltrations. Running through these incident scenarios once a month can help a security team stay updated on new threats. It can also show your organization where you might have gaps.
“Study those situations, work with people and develop workstreams to build a response,” Shpantzer says. “Who knows how to detect the threat? Who knows who to call? Who makes the business decisions?”
3. Develop and Provide Resources for Your Team
The MITRE Corporation, a nonprofit organization that operates federally funded R&D centers on behalf of state, local and federal governments, recommends ensuring that you have the optimal number of analysts needed to meet your specific organization’s security operations center demands. It also emphasizes that opportunities and training are key for efficient and resilient teams.
For example, use creative analysts to write code that can automate security activities. Those are the staff members you want to hire and keep. “The whole idea of a CV and a skill set is not what we’re looking for anymore,” says Max Vetter, Immersive Labs’ Chief Cyber Officer, in the webinar. “It’s attributes like perseverance.”