What it takes to be a security incident responder

Bob Violino | June 22, 2017
A wide range of technical skills and curiosity about the mechanics and goals of an attack are key for effective incident response.

Cyber security response teams are keeping busy these days, with an abundance of hacking and other attacks launched against organizations on a regular basis. The professionals who make up these teams are skilled in evaluating and responding to such attacks in a timely manner and can minimize damage for organizations.

“The demand for cyber security incident responders remains high,” says Debbie Henley, president and co-founder of Redbud, an information security recruitment firm. Two of every three placements by Redbud are either directly or indirectly related to filling an incident response role. “When an organization reaches out to us it’s normally because they are struggling to find qualified professionals on their own,” she says.

Driving the demand is not only the increase in cyber criminal activity, but the fact that more organizations are realizing the need and are rushing to fill out—or start in many cases—their cyber defense teams, Henley says. “With a global cyber security workforce shortage of 1.5 million projected unfilled roles by 2020, incident responders [are] a big part of that,” Henley says. “The shortage is staggering.”

Outsourcing of incident management is certainly a viable security approach, Henley says. “Based on the requests Redbud receives for incident responders, it appears that about 65 percent of incident response management is handled in house, so it is certainly a mix,” she says.

“The skills needed for a quality incident responder can be categorized into two main groups: personal skills and technical skills. The greater one’s technical skills, the better the incident responder,” Henley says.

Among the desirable skills are a good grasp of basic security principles such as confidentiality, authentication, access control and privacy; security vulnerabilities; physical security issues; protocol design flaws; malicious code; implementation flaws; configuration weaknesses and user errors or indifference.

Responders should also be familiar with the Internet of Things (IoT), risk management, network protocols, network applications and services, malicious code and intruder techniques, and should have programming skills.

IT security professionals who become leaders or members of response teams sometimes take circuitous routes to these positions. For example, Rob Sherman, director of incident management at packaged bakery foods provider Flowers Foods, originally sought to work as an administrator for Unix and Windows operating systems.

While attending Mt. Vernon Nazarene college as a business administration and computer science major, Sherman quickly found out that he wasn’t interested in a programming career, so he put his degree on hold. Some time later, Sherman decided to complete a management degree in business at Wilmington College, and afterwards “fell into” a job as a computer forensic investigator at financial services firm GE Capital in 2006, eventually becoming chief forensic investigator.

Sherman’s responsibilities included leading his team in the analysis of and recovery from multiple incidents, and conducting digital forensic analysis and electronic discovery. While working in this position, he obtained a master’s degree in digital forensic management at Champlain College.
