Why agility is vital for security professionals

DWP, Network Rail and more on how to build a security team

Agility is an essential skill for security workers, according to cyber security chiefs from the likes of Skyscanner and Network Rail speaking at Infosecurity Europe 2017 today.

The term 'agility' can mean being flexible about the nature of their daily task as well as the method of working, according to Vicki Gavin, The Economist Group's head of continuity and information security.

Advertisement - Article continues below

She said: "Just because you're hired to be a security operations centre [SOC] analyst does not mean you will always be a SOC analyst. Being able to duck and dive pertains to what we do."

Mahbubul Islam, head of secure design at the Department for Work and Pensions (DWP), agreed and highlighted how a team should be ready to react to what a business needs as necessary.

"I would say it's a more disciplined, self-organising team who work together in various activities," he said.

For Stuart Hirst, head of IT security at Skyscanner, agility means doing things at pace and experimenting. He also underlined the importance of "failing forward, failing fast" where individuals learn to prevent the same mistake happening in the future.

Network Rail CISO Paul Watts identified an important factor as empowering security staff "who aren't asking for permission" who work with the business, not just for the business.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Gavin underlined how one of the backbones of agility is resilience "It's the unexpected we have to deal with and the only way to deal with that is being agile." She added: "It's the stuff you can't imagine that you have to respond to. From the top down they need to expect things to go wrong".

Watts agreed with this, and added that an agile security team sits everywhere within a business, saying: "Security is a collective responsibility; we are providing capabilities and education to bring the entire business in."

Skyscanner's Hirst added: "Everyone in security has the autonomy to pick up pieces of work and drive them".

How to hire a security staffer

Hirst looks for people who are experimentational and "ready to take on some chaos", saying this means people who are flexible enough to react to different situations.

On the other hand, Gavin said that often it's important to develop the individuals in your team from scratch, admitting: "One of the tricks we often miss is not developing people once we have someone on board."

Advertisement - Article continues below

DWP's Islam said that you have to give individuals the opportunity to develop based on the skills they have, while Network Rail's Watts highlighted that even if a candidate has the right technical skills, they need soft skills too. "I would bring someone like that into my team and develop them," he said.

Do companies need to change their hiring methods?

"Rethinking needs to happen" Gavin argued, adding that The Economist Group develops a list of must-have qualifications, while keeping an open mind if an exciting candidate has an unusual background.

In order to attract more people to the industry, Skyscanner has tried to embed itself in groups that exist in Scotland to try and attract people to the job specification, said Hirst. He also highlighted that there was a distinct lack of young girls going into security, and the sector as a whole, questioning why they aren't being encouraged to enter. "I dont have the answer" he said, "but we are trying to change things in the UK."

Gavin added: "We need to make sure that young people understand that the jobs of tomorrow will not exist today. When I joined the workforce, cyber security did not exist."

Picture: Bigstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020