People power took the stage during a panel on Thursday at FCW’s Cybersecurity Summit as participants emphasized the importance of supporting cybersecurity personnel to ensure quick and effective responses to threats.
“You get a part of the answer with technology, but you get a big part of the answer from people on your team that are looking for those threats,” said Christopher Brown, director of the Cyber Security Operations Cell (CSOC) within the National Geospatial-Intelligence Agency (NGA).
Panelists acknowledged that Federal agencies face difficulties in recruiting and retaining the right cybersecurity talent, and offered a range of advice for agencies to meet their needs.
“You grow the talent if you really want it to meet your needs,” said Bil Garner, sales engineer with Gigamon. “There is no certification or background that makes especially perfect human analysts.”
“The people are the most important part, and giving them processes and standardization to take these very skilled cyber analysts and their art, and making it systematic and turning it into repeatable standardized processes that we can use as a training mechanism,” said Brian Gattoni, CTO of the Office of Cybersecurity and Communications at the Department of Homeland Security. This type of training, he said, also helps to build a sense of community within the department.
When asked about how to allocate personnel, panelists were in agreement that people should be used to respond to threats quickly and effectively.
“You may get to predict, but you will have to respond,” said Gattoni.
“I think prediction is further down the maturity model, and to start shifting resources towards prediction is a dangerous step,” added Garner.
“Our number one goal and function is cybersecurity instant response, and we try to be good at that. One way we’re good at that is we try to be fast, so we won’t spend a lot of time trying to predict a threat,” said Brown.
On the subject of users, the discussion turned to a more negative aspect of personnel – insider threats.
“From my point of view, as CSOC manager, our current activities integrate with that,” said Brown. He also noted the importance of shifting people around and keeping an open line of communication with the insider threat program. “At the end of the day, the insider threat function is very similar to the cyber defense function,” he said.
Gattoni shared his excitement for the potential of CDM to integrate with insider threat programs and enable more sharing of success stories. “If one group’s really successful at their insider threat program, CDM in turn allows them to share that with the rest of the community.”