The New CISO Podcast: Invest in Your Team
On this episode of The New CISO Podcast, Zane Gittins, IT Security Manager and co-founder of Rincon Security, discusses what he’s learned about building and managing an IT team. From computer science to consulting, Zane shares the journey of his career and what has led him to focus on cybersecurity visibility. He also talks about his approach to training security teams, how he keeps up to date on his business and the security industry, and the importance of documentation.
In this article:
- Good help isn’t hard to find if you’re willing to invest
- Security visibility enables the business
- Stay current, stay relevant
- Skills diversification and cross-pollination
Good help isn’t hard to find if you’re willing to invest
Zane breaks down the misconception that it’s impossible to find good staff. Zane states, “I think a lot of companies aren’t willing to take the step and take the leap and actually invest in junior people and properly training them up. I think there’s a lot of awesome training within the security community. It’s not necessarily cheap, but if you’re willing to invest in people, hiring isn’t really as difficult as everyone makes it out to be.”
Zane also goes in-depth on what he looks for in a candidate and how when it comes to junior people, the main thing he looks for is an interest in the security field. This is because when you’re teaching someone, they pick up what you’re teaching a lot more quickly if they’re actually excited about the subject.
Zane believes that people who are great communicators perform well in security. He sets up “lunch and learns” as a way to meet and bond with people in other areas of the business. He describes these as really informal: “Hey, let’s have lunch together. Let’s talk about what you’re concerned about from a security perspective. Let’s see what we can do on the technical side to maybe ease those concerns or limit some of that risk that you’re worried about.”
If Zane could change one thing about his journey in security, he says, it would be to meet key members of the business sooner. Through making connections, Zane has learned what their concerns and risks are when it comes to security, and how he can help in those areas.
Security visibility enables the business
With security visibility as his top priority, Zane focuses on updating business systems and tools, onboarding new people, and helping the business move in the direction it wants to go. Zane says, “On a technical side, the biggest thing I really focus on is visibility. It’s a lot of tuning log sources, adding in new log sources, and directing and training my team on how to search and hunt through logs. As a business grows, you bring in new people, you onboard new applications, you start using new operating systems, maybe you move to the cloud, and all those places are key areas where you need to have visibility from a security perspective.”
Stay current, stay relevant
Zane also talks about how he keeps up with changes in the business, stressing the importance of being aware of what the business’s future plans are, “Even from an IP side of things, what new applications are they looking to onboard? How are they looking to change how people work? Just connecting with the business and knowing where they want to go and what new technology they’re bringing in.”
Zane also spends several hours a week staying up to date on current trends, utilizing Twitter to keep abreast of cybersecurity news. This preparation also helps him give context to family, friends, and coworkers who hear about security stories in the media.
Zane must stay on top of things to prevent threats, and in particular, he is concerned about supply chain attacks and any new type of attack we do not yet know exists. Zane describes his job as high pressure, explaining, “If something doesn’t get detected, on some level that’s on you. It’s also on the business. They need to give you the correct resources so you can function properly, but you also need to communicate what resources you need. Also, make sure you have the correct visibility.”
Skills diversification and cross-pollination
Hunting down false positives all day, every day can be fatiguing. Zane shares how weekly practice challenges have boosted the confidence and knowledge of his team: “We have a once a week meetup where one person in the team writes a challenge and the other people in the team solve it. The challenge is supposed to be just a short scenario, maybe five to 20 questions, where the person who writes the challenge actually emulates some sort of adversary technique. The other members of the team then answer those questions. At the end, you see if you got the answers right and you discuss and see what you could maybe change in your actual SIEM to get better logging.”
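The two technical threads above, keeping visibility over every host and log source as the business grows, and a weekly challenge that emulates one adversary technique and then asks what the SIEM failed to log, can be exercised with a small script. The following is an added example, not code from the podcast, from Zane Gittins, Rincon Security or Exabeam. The host names, log sources, timestamps and events are constructed; the hunt looks for PowerShell launched with an encoded command, and the last check finds hosts whose process-creation events carry no command line, which is exactly the kind of logging gap a challenge is meant to surface.

```python
"""Added example (not from the podcast or Exabeam): log-source visibility
check plus a one-technique hunt over constructed events."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: the telemetry each host is expected to send.
EXPECTED_SOURCES = {
    "ws-alice": {"edr", "winlog"},
    "ws-bob": {"edr", "winlog"},
    "srv-db01": {"edr", "winlog", "auth"},
    "cloud-vm-01": {"cloudtrail", "syslog"},
}

NOW = datetime(2021, 11, 1, 12, 0, tzinfo=timezone.utc)  # constructed "now"
WINDOW = timedelta(hours=24)

# Constructed events, roughly what a SIEM search over the last day returns.
# The ws-bob 4688 event has no command line: command-line auditing is off there.
EVENTS = [
    {"ts": NOW - timedelta(minutes=5), "host": "ws-alice", "source": "edr",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"ts": NOW - timedelta(hours=2), "host": "ws-alice", "source": "winlog",
     "event_id": 4688, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"ts": NOW - timedelta(hours=3), "host": "ws-bob", "source": "winlog",
     "event_id": 4688,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ts": NOW - timedelta(hours=1), "host": "srv-db01", "source": "edr",
     "image": r"C:\Program Files\Git\bin\git.exe", "cmdline": "git.exe pull"},
    {"ts": NOW - timedelta(days=3), "host": "srv-db01", "source": "auth",
     "user": "svc_backup"},
    {"ts": NOW - timedelta(minutes=30), "host": "cloud-vm-01", "source": "syslog",
     "msg": "sshd: Accepted publickey for deploy"},
    {"ts": NOW - timedelta(minutes=9), "host": "laptop-new-hire", "source": "edr",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def visibility_gaps(expected, events, now=NOW, window=WINDOW):
    """Return (missing, unknown): per host, the expected sources with no event
    inside the window; and hosts that sent events but are not in the inventory
    (machines onboarded without anyone updating the asset list)."""
    seen: dict[str, set[str]] = {}
    for ev in events:
        if now - ev["ts"] <= window:
            seen.setdefault(ev["host"], set()).add(ev["source"])
    missing = {h: srcs - seen.get(h, set()) for h, srcs in expected.items()}
    missing = {h: s for h, s in missing.items() if s}
    unknown = sorted(set(seen) - set(expected))
    return missing, unknown


# powershell.exe accepts -EncodedCommand and the short forms -e / -ec; match
# the switch and require a base64-looking argument after it.
ENCODED_PS = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}")


def hunt_encoded_powershell(events):
    """Events where powershell.exe was launched with an encoded command.
    Events without a command-line field can never match, whatever they ran."""
    hits = []
    for ev in events:
        if not ev.get("image", "").lower().endswith("powershell.exe"):
            continue
        if ENCODED_PS.search(ev.get("cmdline", "")):
            hits.append(ev)
    return hits


def hosts_missing_field(events, source, field):
    """Hosts that send events from `source` but never include `field`; a
    challenge question needing that field is unanswerable for these hosts."""
    have: dict[str, bool] = {}
    for ev in events:
        if ev["source"] == source:
            have[ev["host"]] = have.get(ev["host"], False) or field in ev
    return sorted(h for h, ok in have.items() if not ok)


if __name__ == "__main__":
    missing, unknown = visibility_gaps(EXPECTED_SOURCES, EVENTS)
    for host, srcs in sorted(missing.items()):
        print(f"no recent {', '.join(sorted(srcs))} telemetry from {host}")
    for host in unknown:
        print(f"{host} sends logs but is not in the inventory")
    for ev in hunt_encoded_powershell(EVENTS):
        print(f"encoded PowerShell on {ev['host']}: {ev['cmdline']}")
    for host in hosts_missing_field(EVENTS, "winlog", "cmdline"):
        print(f"{host}: 4688 events carry no command line; enable command-line auditing")
```

Run against the constructed data, the hunt finds the encoded command on ws-alice, but ws-bob's PowerShell launch is invisible to it because its 4688 events carry no command line; the coverage check names ws-bob as the host to fix, srv-db01 shows up with stale auth logs and no Windows event log feed, and laptop-new-hire is a machine the inventory never heard of. Those three kinds of findings are what the visibility work and the weekly challenge are meant to turn into SIEM and log-source changes.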
Zane details some of the specific skills and tools he and his team have utilized as they’ve grown. As there are a lot of tools to learn, Zane encourages team members to take a divide-and-conquer approach to training, “Everyone in the team needs to have at least some level of competence with each tool,” he says, “but I think it makes sense to train up certain people to really be experts on, maybe you have one person who’s an expert on EDR, cloud, and DLP and your other person is an expert on SIEM, logging, and visibility.”
For scalability, document everything
Zane understands that by documenting everything, he and his team can better scale and onboard, stating “Something I have my team members do, is if they’re deploying a new tool, writing a new piece of code or a new program or whatever it may be, is having them document it as they do it. Because the only way we can scale is to document what we’re doing. As we bring more people on, they can read that documentation.”
For more insights from Zane, listen to the podcast.