
Creating a Ready-for-Anything Incident Response Team

Strong recruitment, retention and training are key for organizations looking to boost their cybersecurity response capabilities.

There’s one thing I learned when I started working in technology and cybersecurity training during the dot-com boom of the 1990s: The rapid adoption of technology is an incredible accelerator for businesses, but it also creates huge challenges around security.  

Like the dot-com boom, the COVID-19 era has seen businesses adopt technology at an incredible rate, with organizations sometimes struggling to understand the security implications of new tech. Video collaboration became a “table stakes” technology seemingly overnight, and organizations also rapidly ramped up their use of VPNs, mobile devices, cloud services and other remote work tools. This accelerated adoption was obviously necessary to support widespread remote work, but many of these tools can open up new vulnerabilities.

With this in mind, it is important for organizations to deploy best-in-class cybersecurity tools while also creating a cybersecurity team that is ready to respond to and mitigate security incidents. 

Here’s how.

Security Training Is a Critical Part of Effective Onboarding

Cybersecurity talent is at a premium — and in some cases, it is plainly impossible to find. Organizations should be clear in their job listings about exactly what they need their people to be able to do. This may sound simple, but many job ads will list requirements for certifications or years of experience without ever explicitly mentioning specific skills and abilities expected from successful candidates. 

In addition, organizations can effectively recruit from within by assessing their existing employees’ skills and aptitudes. Workers who display strong problem-solving and analysis skills are prime candidates for cybersecurity and incident response training.

Minimize Turnover by Preventing Burnout

Cybersecurity can be a tiring, thankless field. Often, cybersecurity professionals only receive attention if they make a mistake. And the monotonous task of monitoring logs and alerts all day quickly takes its toll on people if they’re not given opportunities to exercise their skills in other ways. 

Organizations can mitigate this fatigue by adopting alert management tools and services that filter out the “noise” of false alarms and allow professionals to focus on true threats. Also, it’s important to let employees rotate through different job roles. This breaks up the repetition associated with alert monitoring and gives cybersecurity professionals the chance to develop other competencies, putting them on a potential path to leadership positions. Without room for advancement, many cybersecurity professionals will leave an organization after only a couple of years.

Provide Hands-On Training That Approximates Real Scenarios

The nature of incident response is that cybersecurity professionals will not (hopefully, at least) have many chances to put their incident response skills into action in the real world. To stay sharp, employees must be provided with periodic live, immersive training, where they’re able to put their hands on their keyboards and practice the capabilities they need to be effective at their jobs. 

Additionally, organizations should provide just-in-time training that evolves along with the threat landscape. When possible, employees should be put in charge of designing training scenarios and challenges for one another. This can spur comradery, encourage creative thinking and foster leadership skills.

Mentorship Can Enable Professional Development

Entry-level employees need ongoing guidance to develop professionally. Seasoned employees should serve as mentors, helping newer workers to get up to speed. Organizations can even encourage senior employees to contribute to the success and development of junior employees, for instance, by providing incentives for helping mentees reach certain milestones and certifications. 

Finding, training and retaining effective cybersecurity staffers isn’t easy. But by taking a strategic, people-centered approach, organizations can build stable, effective teams that are able to keep their environments safe and rapidly respond to cybersecurity incidents.

Story by Buffy Ellis, who is the executive vice president of Focal Point Academy, bringing over 30 years of experience in network design, vulnerability assessment, penetration testing and security analysis to lead a team of phenomenal technical experts in delivering hands-on cyber training courses.