Although they may seem very different at first glance, there are some compelling similarities between cybersecurity professionals and traditional first responders such as police and EMTs. After all, in a world where cyberattacks on critical infrastructure can cause untold damage and harm, cyber responders must be prepared for anything.
But are you really ready? How does the responsiveness of cybersecurity professionals in incident response compare with that of traditional first responders? Does a similar sense of urgency exist in cyber, and how do security leaders respond? Let’s dig deeper to see what we can learn from first responders.
What first responders and cyber IR professionals have in common
Troy Bettencourt, Global Head of X-Force Incident Response at IBM, has responder experience at multiple levels, with a background in military, law enforcement, and cybersecurity incident response. Bettencourt said there are many similarities between military, law enforcement and cybersecurity incident responders.
“Many of the things that make or contribute to the success of military and law enforcement agencies are ongoing training and discipline,” he said. “When an emergency happens, when something happens as part of an internal team, you don’t have to spend as much mental energy on things that should be done on a daily basis.”
Like the military and first responders, incident responders in the cyber industry need clearly defined roles and real-world experience to be successful. For example, you don’t have to think about how to do a search in an EDR platform, or how to query firewall logs or a SIEM.
“That should be practiced all the time,” Bettencourt said. “If you’re constantly training and practicing, you’re not expending your limited mental energy and creating high levels of stress, and you’re freeing up your mental energy for tasks that actually have value.”
Standardization is also important to Bettencourt and the X-Force team. “We want to make sure that we approach our analysis in the same way, so that if we have 50 systems to analyze and we distribute that workload, we know that the results are reliable, but they were also complete and no items were missed,” he said.
Cyber industry challenges
One of the more specific challenges in incident response (IR) is a holistic approach to cyber response. Unlike first responders, who have become highly prepared through protocols, cyber continues to lag behind.
“We still have a long way to go,” Bettencourt said.
He acknowledged that while much of X-Force’s work skews toward larger, more mature enterprise customers, some of its specific areas are still less mature. Small businesses, and even large corporate organizations, that don’t have the resources to invest in cybersecurity are often unprepared for the IR process.
“I hope that doesn’t seem like a roadblock. Companies need to embrace cybersecurity as part of their business, not just a regulatory element they need to comply with. Barriers to entry for cybercriminals: it’s very easy to jump on the dark web and get tools or buy malicious software-as-a-service kits. It doesn’t take much to become a cybercriminal. It doesn’t take long.”
But behind the visible challenges lurk the invisible obstacles of responder burnout and stress. According to Bettencourt, the research shows that, whether in cybersecurity, law enforcement, the military, or other high-risk jobs, people often go above and beyond because of their teams.
“They don’t want to let the team and team members down,” he said.
Because of that sense of responsibility, many IR professionals become self-sacrificing and do not look after their own well-being. This can lead to severe burnout and stress.
“Revenues are now down. We have a talent retention problem, not just for the company but for the sector as a whole.”
Adopting the right mindset for successful IR
To address preparedness challenges and keep pace with first responders, Bettencourt suggests companies focus on three key areas:
Adaptability
While there are benefits to deep standardization, Bettencourt advises organizations to remain flexible, especially in a field where technology and approaches to threats are constantly changing and there is a constant desire to learn.
“Starting your way in this field is a harbinger of death from a career standpoint, because it quickly outgrows you,” he said. “I was out of the field for about three years, but when I came back it was like drinking from a firehose. I had been in the field for about six years before that.”
Encourage small teams
Building a small team culture has yielded positive results for the X-Force team.
“This is an approach that benefits both individuals and organizations,” he said. “I think leaders need to really try to foster small team structures and cultures where people can trust each other and, in turn, go above and beyond because of their teammates. You don’t want to let your business down, you don’t want to let your clients down.”
Prioritize your mental health
Mental health support is readily available in the cyber industry, but it is less discussed than for first responders, where access to such resources has become more commonplace over time.
Regarding trauma in first responder work compared with IR and cybersecurity, Bettencourt pointed out that while there may not be as much physical trauma in the cyber field, the ongoing stress of the job can accumulate over time and cause tension.
“I got burnt out from making individual contributions,” he admitted. “At one point, I was working 60, 70-hour weeks for four straight months. All I was working on was ransomware and nation-state involvement, and it was a burden on me and my family. It has become too much.”
Preventing burnout improves IR
Unfortunately, long working hours are very common in the field. So how can leaders get into the right mindset to reduce burnout?
“If you are a business that only cares about the bottom line, [and not your personnel] keeping respondents happy means better performance and less turnover, which means lower talent acquisition costs. In the cyber field, it will take time to increase its speed. In IR, typically when you lose someone, it takes about six months to find a replacement who can really contribute, and that means burning out other people,” Bettencourt said.
“So, from a purely business, mercenary perspective, even if your organization is not employee-centric, it makes sense from a performance, customer satisfaction, and delivery of quality outcomes standpoint, and from a talent development, talent retention, and reduced talent acquisition cost standpoint. To me, it’s a no-brainer. You have happier people, and if people are happy, they will usually work harder for you.”
By learning a few lessons from first responders, organizations can be prepared to deal with whatever the next cyber crisis brings.
Learn how IBM X-Force can help you with all things cybersecurity, including incident response, threat intelligence, and offensive security services.
If you have a cybersecurity issue or incident, please contact X-Force for help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.