A Plan for a Plan

Embarking on a journey in a newly minted department can be a daunting endeavor for many, but for me, it has always been a gateway to boundless opportunities. I aim to unravel the complexities and the exhilaration of building from the ground up. Today, we dive into the initial phase of crafting "A Plan for a Plan."

Throughout my career, I've found myself at the genesis of departmental inception on multiple occasions. While the prospect of starting from zero may seem overwhelming to some, I've always perceived it as a fertile ground for learning, growth, and significant impact. This perspective was particularly poignant when I took on the role of “lead” at three different organizations, finding myself as employee number one, tasked with either steering a managed service or creating a team from scratch.

Juggling the expectations of a manager, analyst, and engineer simultaneously can be overwhelming, and striving for excellence in these multifaceted roles often seems like an insurmountable challenge. During incident responses, the pressure to deliver optimal outcomes while pioneering new technologies was immense. Balancing innovation with the day-to-day responsibilities, all the while ensuring that metrics and reports like after-action reviews and lessons learned didn't suffer, was a Herculean task.

However, one of the most critical strategies to prevent burnout and ensure sustainability in such roles is leveraging the skill sets within your organization. I recall joining a company brimming with technically adept individuals who could shoulder the responsibility of collecting forensic packages and providing the requisite information or expertise needed. This collaborative approach starkly contrasted with situations where I had to rely on managed services, often leading to delays and necessitating increased access requests for my team due to bottlenecks caused by downstream teams.

The essence of starting from scratch is the freedom to script your blueprint. This stage, "A Plan for a Plan," is not about erecting the entire structure in one go or envisioning a utopia that remains perpetually out of reach. It's about embracing the power of incremental progress and embedding continuous improvement into the fabric of your operations. The goal is to prioritize progress over the pursuit of an elusive perfection.

A Blank Slate

Now let's encounter a pivotal stage: "A Blank Slate." This moment is ripe with potential, yet it often triggers what I've come to call "Blank Slate Syndrome." This phenomenon surfaces when individuals face the daunting task of creating something entirely new, without precedents or templates at their disposal, leading to a hesitancy rooted in the fear of making mistakes. However, it's crucial to recognize that in the realm of innovation, such mistakes are merely stepping stones to progress.

To combat this syndrome, I encourage a mindset shift with a simple yet powerful reminder: "I know what nobody's ever done before. Build this program here." Whether it's building an Incident Response (IR) program for Company X or designing a Vulnerability Management (VM) program for Company Y, the uncharted territory should be viewed not as a barrier but as an exciting challenge. It's time to embrace a culture of fearlessness in the workplace. The shadow of Impostor Syndrome looms large in these scenarios, but it's essential to remember that the primary goal is not perfection but progress.

Leadership that demands flawless execution without room for growth or learning may need to reassess their approach. What's truly valuable is demonstrating that we are moving forward, making informed decisions, and shaping strategies that we believe will benefit the organization. Equally important is the willingness to receive and incorporate critical feedback from stakeholders involved in the project.

When presenting our projects, adopting a strategy of offering multiple solutions can be incredibly effective. This approach not only mitigates the fear of making the "wrong" choice but also invites stakeholder participation, making them feel valued and heard in the decision-making process. The objective of discussions, calls, or presentations should not be to single-handedly dictate the final direction but to collaboratively refine and select the best path forward.

This stage underscores the significance of embracing uncertainty with confidence and creativity. By presenting various options and being open to dialogue, we not only foster a more inclusive and dynamic workplace but also pave the way for innovative solutions that reflect the collective intelligence and perspectives of the team. Let's move beyond the fear of the unknown and together define what success looks like for our projects and our organization.

What's a Vision?

As we draw closer to the culmination of our series "Starting From Scratch," it's imperative to address a fundamental yet often overlooked aspect of building from the ground up: defining a vision. Specifically, when navigating the uncharted waters of cybersecurity for an organization, the clarity of vision in terms of inputs and outputs becomes indispensable.

Inputs: The Foundation of Work

Every team within an organization operates on a set of inputs, the fuel that drives their engine. These inputs can vary significantly depending on the department's function—from customer feature requests for development teams, to alerts for a Security Operations Center (SOC), and even leadership approvals. Recognizing and understanding these inputs is crucial as they serve as the starting point for any workflow or project.

Outputs: The Vision Realized

Outputs are the tangible results of your team's efforts. They can range from completing a task, developing a strategic plan, to simply providing an approval. The essence of a vision in cybersecurity, or any field for that matter, is to have a clear understanding of what these outputs should be. It's about setting a goal for what you intend to achieve with the inputs at your disposal.

From Blank Slate to Vision

When faced with a new beginning or a role, reflecting on the job description can offer valuable insights into expected inputs and outputs. However, it's equally important to evaluate past experiences—what has been done well and what hasn't—and use this analysis to refine your approach.

In the context of building incident response management programs, the inputs often include logging and monitoring through various mechanisms, such as a SIM or an alerting system, and user reports. Defining the processes for how these inputs are handled—whether it's integrating user reports into the security operations center or establishing escalation paths—is crucial.

Escalation and Resolution

Understanding who needs to be involved in different scenarios is key. For example, malware reported by a general user versus an insider risk reported by HR necessitates different escalation paths. It's essential to ensure that the output not only addresses the immediate issue but also aligns with best practices and regulatory frameworks like NIST 800-53 or utilizes tools such as the MITRE ATT&CK framework for a comprehensive approach to incident identification, analysis, triage, and resolution.

The Vision of Continuous Improvement

Ultimately, the vision should extend beyond merely closing a ticket. It's about establishing processes and frameworks that enable continuous improvement and adaptation. Whether it's through the development of an incident response form or consulting with stakeholders on best practices, the goal is to ensure that outputs not only resolve the immediate inputs but also contribute to the long-term security posture of the organization.

Defining a vision in the landscape of cybersecurity or any area of responsibility is about establishing a clear direction for inputs and outputs. It's about building a framework that allows for adaptability, continuous improvement, and, most importantly, aligns with the overarching goals of the organization. As we navigate the challenges and opportunities of starting from scratch, let this vision guide our efforts towards creating impactful, sustainable solutions.

Kind regards,

Your friendly neighborhood Chris
