Haiku #10 Sheepdog
Sheep dog, over watch, scout
Blue teams defend family
Teammates, friends, shared goals
Those of the cyber community who play an active role in defense of our communities have many images ascribed to them. Perhaps my favorite is that of the sheepdog. Every day I pass two diligent sheepdogs guarding a local herd. They stand, move, sit, or roam around the herd, always watchful for threats.
In infantry fighting tactics such a person can be referred to as “over watch”: someone who takes a position of high ground with the purpose of helping to direct the flow of battle and protect teammates from unexpected changes in the battle.
As blue teams implement new policies and watch various tools for anomalous activities, it’s important to remember that their “phenomenal cosmic power” comes at a price. They are often perceived as snoops (because we really must be reading everyone’s email), as antagonists (because surely the multi-factor blah-blah-blah is something we implemented just to make work harder),
There’s been a rising tide of people attempting to get their arms around the burnout rate in the cyber security industry. I’m not an expert in any kind of psychology, but having been in some form of cyber security job for quite some time, and having worked in organizations that valued such work in wildly different ways, I think the key is making sure that the people at all levels of the cyber security team receive quality “care and feeding”.
This essay isn’t meant to be a treatise on leadership; however, if SOC teams are the sheepdogs for the organization, then SOC leaders are the sheepdogs for that team. Keep the team safe, paid well and timely, challenge their intellects and provide educational opportunities. Make the alerts a part of the job rather than the whole job.
This blog is primarily a way for me to collect and share thoughts about cybersecurity, my profession for over 20 years. Since I also like to write, I’ve organized it by the haikus that I’ve written (in the order written and published on LinkedIn and various other social media outlets).
I enlisted in the Marine Corps as a Morse Code Interceptor in May 1995. Throughout my initial schooling, I was introduced to two critical foundations of information security: binary language and cryptology. After initial training I reported to Officer Candidate School in September 1996. Upon completion of initial officer training, I reported to Communications Information Systems Officers Course, which reinforced lessons learned in the cryptanalysis training and fostered a deeper understanding of networks as a whole. For three years, I applied these lessons on numerous deployments throughout the Far East, managing the installation of various types of networks for numerous exercises.
In February 2001, after completing my initial active duty contract with the Marine Corps, I accepted a job at Booz Allen Hamilton. While working as a government contractor, I worked on satellite communications projects at Headquarters Marine Corps (HQMC) C4 and United States Pacific Command J6. When I reported to HQMC Manpower and Reserve Affairs (M&RA), I led the software development and securing of a large-scale ERP with over 100 spin-off supporting applications. Subsequently, I served at 4th Marine Division as the AC/S G-6, where I managed the RMF (formerly DITSCAP/DIACAP) integration of over 40 remote, temporary connections to the Marine Corps Enterprise Network.
At every duty station since becoming a communications officer, I have been directly involved in securing networks. While in Japan I focused on deployed networks throughout Asia. Later I worked on securing networks in Southwest Asia and as the Information Assurance Officer for Manpower and Reserve Affairs.
I’ve worked on cyber workforce development policy for the Reserve component while on the Joint Staff and at Marine Forces Reserve. What I’m truly passionate about is the art of articulating information technology requirements to C-level leadership both inside the Department of Defense and in commercial industry. As a career cyber security Marine, I see the next great challenge as keeping the population informed on current and emerging threats, and I want to devote my professional life to teaching others in that area.
My certifications include CISSP, GSLC and Security+. I earned a Bachelor of Arts degree in Spanish from DePauw University in Greencastle, Indiana and a Master of Arts in Romance Languages from University of New Orleans. Through my experience and higher education, I also enjoy mentoring other technical professionals and those who aspire to greater technical expertise in Spanish and French as well as English. I live in Covington, LA with my wife Nedra and our spoiled pack of wild hounds: Rex, Reina, Hogan and Henry.
View all posts by John Keenan
Originally published at http://johnkeenanoncybersecurity.wordpress.com on January 27, 2020.