Report: Challenges Security Operations Leaders face building Teams

I came across an interesting article in Security Magazine titled “SOC experts report cyber skilling obstacles”. In the article, Cyberbit, a provider of Cyber Skills Development Platforms, revealed the results of the first annual Cyberbit SOC Skills Survey. The survey results (download link in the article) shed light on how companies are fulfilling (or not) cyber team skills requirements in order to maintain a strong cyber defense posture.

I thought there were a number of interesting findings in the report. One was the disparity between human resources and technical hiring managers. No news there; it’s hard for non-technical HR staff to assess candidates for technical job roles. My take is that you need to differentiate yourself to make your resume or C.V. stand out to human resources professionals.

Another finding was how candidates are interviewed and screened. The report called out that while 70% reported ‘conversation’, 8% use ‘cyber range simulation’ and 10% use ‘task’. I believe that having candidates use simulations and complete tasks is a great assessment of technical skills. The challenge posed by using those assessments is in delivering them fairly. In order to use a simulation or to have a candidate complete some task, the employer should advise candidates in advance of the assessment and its associated conditions. Those conditions include some notes about general problem background, what equipment or data will be provided, and how long the candidate will have to complete the simulation or task.

Since the overwhelming number of responses cited ‘conversation’ as the interview technique, candidates have to have a plan for how to guide that interview conversation. My suggestion is that you be ready to talk about some recent technical topic that you’ve researched or learned about. Judging the applicability of that topic to your interview is something that should be part of the candidate’s interview prep. Be prepared to talk about how you have recently studied cyber threats linked to open source code (for example). Have a plan to offer a 2-3 sentence summary (less than 1 minute) of what you learned about Heartbleed. Be prepared to go deeper. Have a plan to follow that up with 2-3 minutes about patterns of attack using open source that used multiple vectors.

In short, be prepared to drive that initial interview conversation.  Start short and high level.  Be prepared to show some depth.

Another important finding brought up by Cyberbit was regarding skills. The two most critical skills identified were intrusion detection and network monitoring. I read that as SIEM and IDS/IPS. There are so many tools available at little or no cost that not being able to learn and speak about these topics is just wrong.