Looking long is an important skill for cybersecurity and fraud teams to develop
When I was younger, I wore glasses for distance. I had no problem reading without glasses in those days. As I’ve gotten older, my distance vision has improved, and I now need glasses for reading and computer work. Sadly, trying to read or work at the computer without glasses is now headache-inducing.
You might ask what my middle-aged vision has to do with security and fraud. If you know me and follow my writing, it likely won’t surprise you to hear that I believe there are important lessons we can learn from my declining near vision.
There is a metaphor of sorts here. As we get older, some of us get wiser. Life experiences bring with them life lessons. If we are paying attention, we might be fortunate enough to gain a little bit of wisdom out of our experiences. And a big part of wisdom is being able to see off into the distance – figuratively speaking, of course.
Along those lines, I’d like to offer five ways in which “long-sightedness” can improve our security and fraud programs:
1. Think strategically: It is too easy to get focused on extremely short-term, tactical tasks. A critical incident. An urgent concern or inquiry from upper management. The hot topic of the day. Just one more super important project. You get the idea. While security and fraud teams can’t simply ignore these tasks, there is another option. Thinking strategically and setting long-term goals allows teams to build a framework within which they can prioritize tasks. Having an agreed upon, approved framework allows for decision making to happen strategically. In other words, if something is truly an emergency, it will come at the cost of something else that has already been agreed upon as critical or a priority. You’d be surprised at how often those quick to throw a tactical log on the fire will back down when they realize it will cost them something else they want longer term. This allows security and fraud teams to continue working towards their long-term goals, even as each day brings with it its twists and turns.
2. Take short-term steps towards long-term goals: Following on to the point above, any short-term steps that are taken should help address long-term goals. If valuable resources are working on tasks that do not help with the long-term goals and do not work towards the long-term strategy of the organization, then it is time to ask some questions. Why do we need to work on this particular task? If, for example, the answer is that one or more customers are demanding it, then a follow-on question needs to be asked. How did we get into this situation? This often highlights a strategic gap that needs to be addressed, at which point the team can return to the previous step and improve their strategy. It may be difficult, but setting aside time and ensuring there are resources for long-term goals is essential.
3. Avoid shiny objects: Weak leaders are short-sighted. They will panic and knee-jerk when a shiny object comes along. Strong leaders are always looking far ahead. Aside from thinking strategically and working towards long-term goals, strong leaders also have an ability to anticipate crises that may arise in the future based on decisions they make today. This skill helps them avoid crises before they happen and also helps them avoid the tragic situation that so often arises with weak leaders – running from crisis to crisis and from fire to fire. Lunging after shiny objects is often a major reason why weak leaders get into this situation.
4. Stay focused: Actions speak louder than words. This is particularly true when it comes to being long-sighted. It is easy to agree to, commit to, and pay lip service to a variety of issues that arise. At some point, however, people will expect the team to make good on those agreements, commitments, and words. This is where thinking strategically, working towards long-term goals, and avoiding shiny objects come together. Staying focused on the long game helps security and fraud teams achieve in action what they promised in words.
5. Direction check: As organizations travel down the long-term highway, they will periodically need to check and make sure they are heading in the right direction and on the right path. Organizations should design and collect metrics that accurately measure progress. These metrics should be analyzed and reviewed periodically to evaluate progress, check that expected timelines are realistic, and/or see if any directional adjustments are required. In addition, the environment in which the business operates should be evaluated to see if risks, threats, priorities, or other factors have changed. That, naturally, will also have an impact on the strategy and long-term goals of the organization.
Looking long is an important skill for security and fraud teams to develop. Strong leadership, a focus on achieving impactful long-term goals, and the discipline to achieve those goals are all important parts of the game. It does take effort to be long-sighted, but it is well worth it.
Joshua Goldfarb (Twitter: @ananalytical) is currently a Fraud Solutions Architect – EMEA and APCJ at F5. Previously, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.Previous Columns by Joshua Goldfarb:Tags: