IT and cybersecurity teams have had a long-standing battle between functionality and security. But why? To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact. With different levels of budget, competing goals, and a history of lack of communication, there is a lot of work to do to bring these teams together. Empathy and emotional intelligence are common phenomena discussed in leadership books, so why not at the practitioner level? Technical teams are constantly juggling projects, engineering tasks, risk management activities, security configurations, remediating audit findings, and the list goes on. Understanding how psychology and human factors engineering practices can improve both IT and cybersecurity teams can positively impact those relationships, as well as strengthen both functionality and security. There is no reason to have these teams at odds or competing for their own team’s mission; align the missions, and align the teams. The goal is to identify the problems in your own team or organization and apply the principles within to improve how teams communicate, collaborate, and compromise. Each organization will have its own unique challenges but following the question guide will help to identify other technical gaps horizontally or vertically.
Author(s): Nikki Robinson
Publisher: CRC Press
Year: 2022
Language: English
Pages: 198
City: Boca Raton
Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
List of figures
About the author
1 Background of IT and cybersecurity fields
Background
History of IT
History of cybersecurity
Where IT meets cybersecurity
Cybersecurity education
IT education
Software developers
Major shifts in IT/cybersecurity
What is the problem?
2 Roles and responsibilities in IT
Roles in IT
Helpdesk
Systems engineering
Network engineer
Software developers
Database administrator/data science
Cloud administrator/engineer
Infrastructure architect
Technical team leads
Operational technology engineer
IT generalist vs IT specialist
Conclusion
References
3 Roles and responsibilities in cybersecurity
Roles in cybersecurity
Security analyst
Security Assessors/Auditors
Security Engineers (SEs)
Security Managers (SMs)
Security architects
Red teams
Incident response
Digital forensics
Governance, risk, and compliance
Security researchers
Threat intelligence analysts
Conclusion
References
4 Where IT meets cybersecurity
Technology meets cybersecurity
People, process, and technology
People
Secure configuration
Risk management
Legal and privacy concerns
DevSecOps
Architecture
New IT/development projects
Empathy in IT and cybersecurity
Conclusion
References
5 The disconnect (IT vs cybersecurity)
The disconnect
A history of discord
Functionality
Security
IT vs cyber: round 1
IT vs cyber: round 2
IT vs cyber: KO
Education
Certifications
Conclusion
6 Separation of duties
Introduction
Separation of duties
Job rotation
Typical IT duties
Typical cyber duties
Incident response
Permissions
Siloed teams
Helping or hurting?
Conclusion
References
7 Management interaction
Management interaction
SOC leads
IT operations leads
Security management
IT management
CISO engagement
CIO engagement
Conclusion
8 Financial issues and responsibilities
IT budgets
Cybersecurity budgets
IT tools
Cybersecurity tools
IT services
Cybersecurity services
IT projects
Cybersecurity projects
IT resources
Cybersecurity resources
IT goals
Cybersecurity goals
IT versus cybersecurity
9 Education gaps between IT and cybersecurity
Introduction
IT certifications
Cybersecurity certifications
IT higher education
Cybersecurity higher education
IT training options
Cybersecurity training options
Vendor-agnostic certifications
Vendor-specific certifications
Industry expectations
References
10 Bridging the technology and cybersecurity gap
Where we are now
Where we need to go
Emotional intelligence
Aligning goals
Leading with empathy
IT and security liaisons
Technical and practical meet
Cybersecurity foundational knowledge
Communication gaps
Where we could be
11 Embracing functionality and security
Missed opportunities
Functionality is not a four-letter word
Embracing security
Problem-solving and decision-making
Encouraging both operations and cybersecurity
Compromise as a tool
Adaptability
Understanding cognitive limitations
Understanding personality types
Our differences make our teams stronger
References
12 Creating new roles
Thinking outside current job descriptions
New types of IT roles
New types of cybersecurity roles
IT security liaison
Cybersecurity operations liaison
Incident response/operations specialist
IT/cybersecurity cooperation working group
Human factors security engineer
Human factors IT specialist
Cybersecurity EI (emotional intelligence) engineer
Conclusion
13 Building trust and new relationships
Letting go of the past
Getting rid of preconceived notions
Approaching projects in a new way
Early and often open communication
Have fun with it
Considering the other side
Improve security and functionality
Changing meeting structure
Remove siloed groups
Encourage collaboration
Building trust
14 Path forward
The problem
Bridging the technical gap
Human first
Behavioral analysis techniques
Technology and security second
Vertical and lateral changes
Current state
Desired state
How can we get there?
Final thoughts
Reference
Index
