Recent security graduates entering the world of incident response, or those with a strong security background making a career move, face a challenging environment that often leads to frustration and burnout.
Speaking from personal experience, Lesley Carhart, the Incident Response team lead for Motorola Solutions' Security Operations Center (SOC), will address the burnout associated with incident response careers, with a special focus on those entering the profession for the first time, during a presentation at CircleCityCon in Indianapolis this June.
Carhart's talk looks at the human side of incident response, and avoids discussion of methodology. Instead, she's created a roadmap based on "lessons learned" from her time in the trenches, and how these lessons can be used to build (not burn) bridges between the security and business worlds.
In an outline of her talk for CSO Online, Carhart said that she has seen numerous examples of burnout within the security community and in the SOC as they train newcomers.
"While effort is being made at a regulatory level to provide organizational incident response processes and procedures, little attention is being paid to training human beings to be better equipped incident responders," she said.
Moreover, while there is plenty of public knowledge and training available when it comes to incident response methodology, none of that fully prepares newcomers to the field, especially when it comes to dealing with complexity, stress, or the relationship between security and the business.
"By not providing adequate foundation for dealing with these problems, we're failing the next generation of DFIR professionals. Bright young people who have excellent technical education often fail or quit when they are faced with corporate bureaucracy, high pressure cases, and a lack of business skills," she explained.
Nobody Cares About My Exploit
"I'm going to start with the most contentious of my rules, yet the one that I personally find causes the most stress and failure to technical people moving into incident response," Carhart says.
The story starts with a brilliant young hacker, a new hire who develops a new tool, finds an interesting vulnerability, or develops a plan for dealing with some variant of a given piece of malware. When these findings, tools, or plans are presented to management, the hacker is told to get back to work.
"It would take a sociologist to say whether the average hacker personality type is partially a byproduct of the millennial generation, or something totally unique. Regardless, security professionals tend to be creative, intelligent, and independent," she added.
But these traits don't always mesh with corporate society, so the first rule that new incident responders need to learn is how to sell things to their organizations. While accomplishments matter, they have to be presented in a way that quantifies value.