Organizations should utilize behavioral psychology techniques to improve how computer security incident response teams (CSIRTs) operate, according to Mark Orlando, CEO of Bionic, and Daniel Shore, chief research officer of LeTS: Leadership & Effective Teamwork Strategies, during a session at Black Hat Europe 2021.
Orlando began by outlining the most significant teamwork issues seen in CSIRTs. These are:
- The superhero problem: an overreliance on a few key individuals for thought leadership
- The teamwork problem: too much focus on technical capabilities at the expense of working together internally and with other teams effectively
- The firefighting problem: constantly having to adapt and respond to crises, therefore losing time to think strategically
- The lone wolf problem: this is where personnel are motivated only to do their own work
At the heart of these problems is ‘ego-centrism,’ where attitudes of “I can do this on my own” are prevalent, according to Orlando. This is not the right approach in incident response, where “we are trying to solve some very difficult and complex problems.”
In addition, it is essential for CSIRTs to work with other parts of the organization, such as application teams and the business owner, to find a solution. “We don’t do what we do in a vacuum,” added Orlando.
Shore pointed out that ego-centrism arises from psychology – “as humans, we want to feel validated and that we are valuable,” he stated. However, regarding incident response, “it is no longer an option to work on your own and be most effective in that response.
The two speakers then shared details of research they had undertaken into teamwork within cybersecurity teams worldwide. Shore said they quickly realized that to drive interest in learning about teamwork in incident response, “you have to take a gamified approach to talking about the areas we want to work on.” The curriculum therefore has to be non-cybersecurity to ensure everyone is brought to an equal playing field.
Such an approach promotes “psychological safety,” whereby employees feel empowered to speak up and raise issues with anyone in their organization, regardless of position. This enables those in leadership roles (CISOs, CIOs, etc.) to gain insights and collaborate with the rest of the team more easily.
Orlando and Shore emphasized the need for frameworks to help CSIRTs structure their teamwork. “It’s really important to have a repeatable, structured way to facilitate that teamwork and to measure it in order to make it effective and have the team make the right decisions even when the leadership isn’t around,” explained Orlando.
No tags.
