Defend the Defenders: Managing and Participating in Excellent Teams with Seth Hanford


Join Seth Hanford at DEFEND THE DEFENDERS conference where he shares insights on managing and participating in excellent teams. Learn about solving problems with limited resources, combating human adversaries, and attracting and retaining the right people. Whether you are an individual defender or an aspiring leader in the cybersecurity field, this event aims to address various challenges faced by security professionals and provide valuable guidance on team-building and career development.


Uploaded on Sep 07, 2024



Presentation Transcript


  1. DEFEND THE DEFENDERS: MANAGING AND PARTICIPATING IN EXCELLENT TEAMS
     SETH HANFORD, PROOFPOINT
     RVASEC 6, JUNE 8-9, 2017

  2. AGENDA
     - SOLVING PROBLEMS W/ LIMITED RESOURCES (BUDGET, PEOPLE, PROCESS, TECH)
     - COMBATTING HUMAN ADVERSARIES
     - ATTRACT AND RETAIN THE PEOPLE YOU NEED
     - DEFEND THE DEFENDERS

  3. $ whoami
     @SethHanford
     CURRENT: STAFF INFORMATION SECURITY ENGINEER, PROOFPOINT (BLUE TEAM, PSIRT, ETC)
     FORMER:
     - SR. LEAD MANAGER, DETECTION & RESPONSE (F100 FINANCIAL; LOCAL & DISTRIBUTED TEAM)
     - MANAGER, THREAT RESEARCH TEAM (F100 TECH; GLOBAL TEAM)
     - PSIRT INCIDENT MANAGER (F100 TECH; GLOBAL TEAM)
     - OSINT HIPSTER (STARTUP / F100 TECH; LOCAL TEAM)
     OTHER: ~11 YEARS FULL-TIME TELEWORKER

  4. $ whoami guest
     INDIVIDUALS:
     - DEFENDERS OF ALL TYPES (OR THOSE ASPIRING TO BE): DETECTION, RESPONSE, THREAT INTELLIGENCE, TOOLS AND OTHER SECURITY OPERATIONS
     - ASPIRING LEADERS (COACHES / MENTORS / INFLUENCERS, NOT NECESSARILY MANAGERS)
     - LONGING TO FIND THAT AWESOME GIG, FEARING THE GRASS IS ALWAYS GREENER
     - BURNED OUT BY A PAST SECURITY GIG, DIDN'T FEEL THE COMPANY HAD YOUR BACK
     MANAGERS:
     - BUILDING A NEW PROGRAM, OR SIGNIFICANTLY EXPANDING / REBUILDING ONE
     - STRUGGLING TO GET THE PEOPLE PART RIGHT WITH VARIOUS INTERNAL PRESSURES (BUDGET, VISION, DIRECTION, SKILL SETS, ORGANIZATIONAL CHALLENGES)
     - FEELING LIKE THE TEAM IS GREAT, NOT SURE HOW IT GOT HERE AND/OR HOW TO KEEP IT HERE
     - FEELING LIKE THE TEAM IS AT RISK, WORRIED ITS MEMBERS ARE GETTING CLOSE TO BURNING OUT

  5. WHAT THIS IS, AND WHAT IT ISN'T
     - IS SELF- AND TEAM-CARE, NOT PROFESSIONAL MENTAL HEALTH ADVICE OR COUNSELING
     - IS ENCOURAGING GROWTH & CHALLENGE, NOT ADVOCATING STAYING IN TOXICITY
     - IS MAKING NON-TECH SUBJECTS ACCESSIBLE, NOT ENCOURAGING RIGID MODELING
     - IS ANECDOTE AND MENTAL MODELS, NOT NET-NEW SOCIAL SCIENCE OR RESEARCH

  6. THREAT CHALLENGE MODELING: BECAUSE WORDS MATTER

  7. WITH APOLOGIES TO SECURITY ARCHITECTS
     THE APPROACH:
     1. IDENTIFY ASSETS
     2. CREATE AN ARCHITECTURE OVERVIEW (TEAM & ORG)
     3. DECOMPOSE THE APPLICATION (GOALS/PROCESSES)
     4. IDENTIFY THE CHALLENGES
     5. DOCUMENT THE CHALLENGES
     6. RATE THE CHALLENGES

  8. ASSETS
     - TEAM: PERSONALITIES, DRIVE, MOTIVE; IMPACT & AFFECT; SKILLS
     - PARTNERS: CISO, AUDITORS, RED TEAM, TECH TEAMS, BUSINESS-AREA PARTNERS
     - FINANCIAL: BUDGET, HEADCOUNT, OPEN REQUISITIONS
     - INVENTORY: SYSTEMS, APPLICATIONS, TOOLS, SUBSCRIPTIONS, DATA SOURCES
     - INFLUENCE: POLITICAL OR SOCIAL CAPITAL; TRUST; BUSINESS ALIGNMENT

  9. ARCHITECTURE OVERVIEW EXAMPLE: TEAM/ORG
     (Org-chart boxes, hierarchy not preserved in the transcript:)
     - Security Organization
     - Security Operations
     - Internal Partners
     - External Partners
     - Security Engineering
     - Vulnerability Remediation
     - Application Security
     - Event Detection
     - Security Awareness & Communications
     - Corporate Communications
     - Threat Intelligence & Communications
     - Incident Response
     - Governance, Risk and Compliance
     - Security Tools Development

  10. DECOMPOSE THE TEAM - GOALS & PROCESSES
     - MISSION & VISION, TEAM CHARTERS
     - EXPLICIT & IMPLICIT RESPONSIBILITIES
     - PROCESS & PROCEDURE
     - CONSIDER ALSO TIME-BASED CHALLENGES: WHERE YOU ARE VS WHERE YOU WANT TO GO

  11. MISSION & CHARTERS - EXAMPLE
     - MISSION: PROTECTING THE INFORMATION RESOURCES OF $COMPANY BY MONITORING FOR INFORMATION SECURITY INCIDENTS AND RESPONDING TO CONTAIN, ERADICATE, AND RECOVER FROM THEM.
     - EVENT DETECTION: CONTINUOUSLY IMPROVING OUR ABILITY TO PROMPTLY AND EFFECTIVELY TRIAGE AND DISPOSITION THE SECURITY EVENTS THAT THREATEN OUR ORGANIZATION.
     - INCIDENT RESPONSE: DEDICATED TO CONSISTENT AND REPEATABLE INVESTIGATION, CRISIS MANAGEMENT, AND CONTAINMENT / ERADICATION / RECOVERY OF INFORMATION SECURITY INCIDENTS.

  12. IDENTIFY AND DOCUMENT CHALLENGES: SOURCES
     - INTERNAL: ORIGINATING WITHIN THE TEAM YOU ARE ON (YOUR PEERS, DIRECT MANAGER, AND ANY OF YOUR REPORTS), UNDER YOUR CONTROL TO ACCOMPLISH YOUR MISSION
     - PARTNER: ORIGINATING IN THE LARGER SECURITY ORGANIZATION, THE COMPANY, OR WORKING WITH YOU TOWARD YOUR MISSION
     - EXTERNAL: ORIGINATING FROM OUTSIDE YOUR COMPANY, OR OTHERWISE TANGENTIAL TO ACCOMPLISHING YOUR MISSION

  13. IDENTIFY AND DOCUMENT CHALLENGES: TYPES
     - SOCIAL: PERSONALITIES, INTERACTIONS, TEMPERAMENTS, ORG POLITICS
     - ERROR / MISUSE: SKILLS, CAPABILITIES, AND THE (UN)INTENTIONAL DAMAGE FROM THEM
     - FINANCIAL: BUDGETS, PAY, TRAINING, OPEX / CAPEX
     - CRISIS: UNSTABLE, CRUCIAL SITUATIONS
     - RESPONSIBILITIES: IMPACTS FROM DOING ASSIGNED WORK (TIME, MONEY, MENTAL HARM)
     - PHYSICAL / ENVIRONMENTAL: HEALTH, WORKPLACE CONDITIONS, VIOLENCE OR PHYSICAL DANGER

  14. IDENTIFY AND DOCUMENT CHALLENGES: EXAMPLES
     TITLE: EXTERNAL PENTEST REPORTS FOCUSED ON NICHE SHORTCOMINGS
     SOURCE: EXTERNAL, PARTNER
     IMPACTED ASSET, GOAL, OR PROCESS: INFLUENCE, TEAM
     TYPE: SOCIAL, RESPONSIBILITIES
     SEVERITY: MEDIUM
     REPEATED REPORTS FROM $PENTEST-COMPANY HAVE IDENTIFIED SEVERAL SHORTCOMINGS IN OUR SECURITY POSTURE. THESE ARE VALID AND KNOWN, BUT ARE LOWER PRIORITY ON OUR LIST THAN THE KEY DEFICIENCIES THAT WE HAVE BEEN TRYING TO ADDRESS. SEVERAL OF THE BASIC ITEMS WE'RE TRYING TO ADDRESS WOULD ALSO COVER SOME ASPECTS OF THE IDENTIFIED FLAWS.

  15. CHALLENGE MITIGATIONS: WHEREIN WE DEFEND THE DEFENDERS

  16. COMBATTING CHALLENGE TYPES: SOCIAL
     - GOOGLE: AFTER YEARS OF ANALYSIS, KEY TO TEAMWORK IS BEING NICE
       - RESPECT OTHERS' EMOTIONS
       - ALLOW OTHERS TO CONTRIBUTE TO CONVERSATION EQUALLY
       - HTTPS://QZ.COM/625870/AFTER-YEARS-OF-INTENSIVE-ANALYSIS-GOOGLE-DISCOVERS-THE-KEY-TO-GOOD-TEAMWORK-IS-BEING-NICE/
     - FOSTER BUSINESS & SOCIAL COMMUNICATION, PARTICULARLY REMOTELY (CHAT ROOMS)
     - HOUSE RULES: DISRESPECT ISN'T WELCOME HERE
     - BEST $1500 I'VE SPENT: TEPPANYAKI & BOWLING; MINOR LEAGUE BALL IN THE QUEEN CITY
     - FOCUS ON THE TEAM: INTERACTIVE & FUN EVENTS THAT FEEL REWARDING, NOT MANDATORY
     - INVESTMENT DURING PLENTY WILL REAP REWARDS DURING DIFFICULTY

  17. COMBATTING CHALLENGE TYPES: ERROR / MISUSE
     - HIRE FOR POTENTIAL, BUT FOSTER & EXPECT GROWTH
     - "EXPERTS CAN'T DOCUMENT THEIR ART" AND OTHER FALLACIES
     - PROCEDURES & CHECKLISTS SAVE LIVES
     - CONSISTENCY & REPEATABILITY: CAPABILITY MATURITY MODEL -> AUTOMATE THE BORING STUFF
     - LEARN, TRAIN, DOCUMENT. IF ABSOLUTELY NECESSARY, USE BUDGET

  18. COMBATTING CHALLENGE TYPES: FINANCIAL
     - UNDERSTAND YOUR BUSINESS AND ITS BUDGET PROCESS
     - WHEN OPEX ISN'T AROUND, LEARN HOW TO USE CAPEX
     - BUY THE RIGHT THINGS, BUILD THE RIGHT THINGS
     - KEEP A RUNNING LIST OF NEEDS, WANTS, JUSTIFICATIONS AND QUOTES
     - ALIGN TO YOUR MISSION / CHARTER
     - FIGHT FOR BONUSES, REVIEWS, PAY. BE HONEST & FAIR, BUT ADVOCATE FOR YOUR PEOPLE: METRICS, RESULTS, CHALLENGES

  19. COMBATTING CHALLENGE TYPES: CRISIS
     - L.E.A.D.: LIMIT, EVALUATE, ACT, DEPART
     - EMERGENCY VS ADAPTIVE CRISIS PHASES (HBR, "LEADERSHIP IN A PERMANENT CRISIS")
       - PROCEDURE WINS EMERGENCIES, BUT RIGIDITY STIFLES ADAPTATION
       - HTTP://COMMUNICATION-LEADERSHIP-CHANGE.COM/FILES/119516674.PDF
     - LEAD BY SERVICE, RESERVE AUTHORITY FOR CRISIS
       - HTTPS://TWITTER.COM/SARAHMEI/STATUS/832662375073329152
     - AFTER-ACTION REVIEW

  20. COMBATTING CHALLENGE TYPES: RESPONSIBILITIES
     - MISSION & CHARTER: CORE VS CONTEXT
     - PUSH BACK ON THE THINGS THAT YOU CAN, AUTOMATE THE THINGS YOU CAN'T
     - WORK WITH THE BUSINESS / HR ON HARMFUL ENVIRONMENTS (PORN, INSIDER INVESTIGATIONS, EMPLOYEE MISCONDUCT)
     - SHARE THE LOAD, CROSS-TRAIN, TAKE INPUT ON PROCESS IMPROVEMENT

  21. COMBATTING CHALLENGE TYPES: PHYSICAL / ENVIRONMENTAL
     - CO-WORKERS GIVE YOU A LARGE PART OF THEIR LIFETIME; STEWARD IT WELL
     - FAMILY, ILLNESS, OTHER CONCERNS ARE VITALLY IMPORTANT
     - VACATIONS, TIME-OFF, FLEXIBLE WORKING ENVIRONMENTS
     - DON'T OVERLOOK PHYSICAL COMFORT IN THE WORKING ENVIRONMENT. HARSH CONDITIONS CREATE REAL STRESS
     - OBVIOUSLY THOSE IN DANGEROUS / COMBAT ENVIRONMENTS KNOW THIS WELL

  22. PROBLEM SOLVING WITH LIMITED RESOURCES: PEOPLE, PROCESS, TECH
     - PEOPLE > PROCESS > TECHNOLOGY
     - "GETTING TO YES: NEGOTIATING AGREEMENT WITHOUT GIVING IN", FISHER & URY
     - LISTEN TO YOUR TEAM, TAKE TIME TO PRIORITIZE NOT ONLY THE PAIN POINTS BUT THE THINGS THAT ARE LOW EFFORT / HIGH GAIN

  23. ATTRACT & RETAIN THE PEOPLE YOU NEED
     - CAN YOU COMPETE IN YOUR METRO AREA(S)? HIRE REMOTE WORKERS, LEVERAGE LCOL
     - BE SOMEONE YOUR TEAM CAN TRUST; PEOPLE WILL GO THROUGH A LOT IF THEY'RE SUPPORTED
     - DIVERSITY: GENDER, SOCIAL, RACIAL, SKILLSET, ETC. TEAMS ARE BETTER WHEN EVERYONE HAS A VOICE; TEAMS WITH MORE PERSPECTIVES CAN HANDLE MORE THINGS
     - BE A FIREWALL, BE AN ADVOCATE: APOLLO 13, KEN MATTINGLY

  24. COMBATTING HUMAN ADVERSARIES
     - UNDERSTAND THAT SOME OF YOUR PRESSURES ARE NOT BAD LUCK; THEY'RE ORCHESTRATED TO SET YOU OFF BALANCE
     - BALANCE OPERATIONAL SECURITY AGAINST REAL RISKS; DON'T LET OVER-PARANOIA BECOME ITS OWN RISK
     - WORK WITH YOUR PARTNERS (EXEC. ADMINS, SYSADMINS, FINANCE FOLKS) AND HELP THEM HAVE REASONABLE SAFEGUARDS

  25. THANK YOU! @SETHHANFORD

  26. IDENTIFY AND DOCUMENT CHALLENGES: EXAMPLES
     TITLE: FRICTION WITH DIFFICULT TEAM MEMBER
     SOURCE: INTERNAL
     IMPACTED ASSET, GOAL, OR PROCESS: TEAM; INCIDENT RESPONSE PROCESSES
     TYPE: SOCIAL
     SEVERITY: MEDIUM
     SEVERAL TEAM MEMBERS HAVE NOTED THAT $EMPLOYEE IS VERY DIFFICULT TO DEAL WITH IN STRESSFUL SITUATIONS. $EMPLOYEE OFTEN BECOMES RECLUSIVE / SECLUDED AND COMBATIVE ABOUT SHARING KNOWLEDGE AND TECHNIQUES RELATED TO THEIR UNIQUE SKILL SET.

  27. IDENTIFY AND DOCUMENT CHALLENGES: EXAMPLES
     TITLE: BETTER DATASETS NEEDED
     SOURCE: PARTNER, INTERNAL
     IMPACTED ASSET, GOAL, OR PROCESS: TEAM; INVENTORY
     TYPE: FINANCIAL
     SEVERITY: HIGH
     EXISTING TOOLS AND DATASETS ARE NOT SUITED TO THE DETECTION & RESPONSE NEEDS OF THE TEAM. TEAM HAS IDENTIFIED NETFLOW, PASSIVE DNS, AND HOST-BASED ENDPOINT LOGGING AS THE THREE PRIMARY GOALS, BUT CENTRAL COLLECTION OF THESE LARGE DATASETS IS NOT WITHIN BUDGET. IT WILL COST $XXX TO PUT IN PLACE THE PRIMARY IDENTIFIED NEED: CENTRALIZED ENDPOINT LOGGING ($YYY FOR NETFLOW (#2) AND $ZZZ FOR PDNS (#3)).
