The Guardians: A Look Inside a Cybersecurity Team


A busy cybersecurity team

Organisations need to build a robust defence to ensure they can manage and mitigate cyber risk. This defence must combine people, process and technology. At the heart of this defence is a well-structured cybersecurity team that combines technical and non-technical expertise with strategic vision to form a robust defence against ever-evolving threats.


In this article we consider some of the key team members, from entry-level to leadership, and the role each plays in a considered approach to defence.



Security Analyst:

  • Security analysts monitor security logs, detect suspicious activity, and perform basic vulnerability assessments. They help inform security incident management procedures and update monitoring solutions to identify Indicators of Compromise they discover.

  • Security Analysts may be part of an internal team, an outsourced Security Operations Centre (SOC) or both.

  • Skills: Strong analytical skills, knowledge of security tools and incident response procedures. Ability to work under pressure.

Security Engineer:

  • Security engineers design, implement, and maintain security controls such as firewalls, Intrusion Prevention/Detection Systems (IPS/IDS), and access control systems.

  • Skills: Networking knowledge, proficiency in security tools and scripting languages.

Security Architect:

  • Security architects design the overall technical security posture of an organisation, defining security principles, strategies and selecting appropriate security solutions.

  • Skills: Extensive security knowledge, understanding of security best practices, strong communication and collaboration skills.

Security Risk Manager/Analyst:

  • Security risk professionals identify and assess security risks to an organisation's data and information systems, and this may include third-party risk management. They work with other subject matter experts to ensure an appropriate response is in place, aligned to the organisation's risk appetite.

  • Skills: Strong analytical and problem-solving skills, as well as strong communication and collaboration skills.


Security Culture and Awareness Specialist

  • Security culture and awareness specialists focus on the human behaviour aspect of security. They design engaging and informative training programs, and cultural change initiatives such as gamification and recognition programs.

  • Skills: Understanding of human behaviour in terms of security. Strong communication and collaboration skills.

Chief Information Security Officer (CISO)/ Head of Security/Manager

  • The CISO, or Head of Security, is the senior stakeholder responsible for an organisation's overall cybersecurity strategy and risk management. They report to senior management and advocate for security investments.

  • Some smaller organisations may decide that a C-level stakeholder is not required, and therefore hire a Head of Security or Manager who reports to the C-level.

  • Other organisations may engage a CISO-as-a-Service to provide the strategic vision, allowing the Head of Security or Manager to focus on operational aspects.

  • Skills: A strategic thinker, with excellent communication and collaboration skills. Focused on managing risk, and an understanding of compliance and the regulations relevant to the business they support.


Another role, which may be assigned to an existing team member or to a third party, is that of incident manager. Larger organisations may have a dedicated incident team, whilst smaller organisations may assign that role as needed, for example to the CISO or to a team leader within security.


Some organisations also develop more technical security assurance skills, such as ethical hackers who can perform penetration testing to identify vulnerabilities in the organisation's systems and applications, or who work collaboratively with the Security Analysts to war-game scenarios and improve detection capabilities. Of course, many rely on third parties to provide these specific technical skills.


The CISO Reporting Line Debate

This topic is often debated amongst the security community, especially with the growing importance of cybersecurity.


The debate really boils down to two main viewpoints:

  • Reporting to IT: This maintains alignment between IT operations and security but might limit the CISO's influence on broader business decisions, as well as introducing conflicts of interest.

  • Reporting outside of IT: This can emphasise the strategic importance of cybersecurity and gives the CISO direct access to business leaders, reducing potential conflicts of interest with IT. However, this may also result in misalignment with IT and create friction.


When considering a reporting line outside of IT there are several options, such as reporting directly to the CEO, or into a business function such as Finance, Risk or Operations. There is no one-size-fits-all answer. The optimal reporting line depends on the organisation's size, maturity, and risk profile.


Whichever reporting line is chosen, the role of the CISO or security leadership is about building and maintaining relationships. This must be achievable regardless of the reporting line.


Building a Cybersecurity Team

A modern cybersecurity team is well-structured, with diverse skillsets working collaboratively. By considering the roles within a security team and the leadership structure, organisations can build a robust defence and foster a culture of security awareness.


When building a cybersecurity team, organisations can use a combination of internal and external resources. This ensures smaller organisations, or those with limited security budgets, can access experienced individuals to help manage their risk profile.
