What Companies Need

By Lee Black

Lee Black is Vice President of Cyber Security Consulting at Orbis Operations.  He has 20+ years of combined intelligence and IT security experience. He served several years in the CIA's National Clandestine Service and the Directorate of Science and Technology. The views in this article are those of the author, and do not necessarily reflect the positions of his employer.

There is a dearth of talent in the cybersecurity industry, and the talent that does exist tends to be very specific, with some skill sets being more rare than others. An IT guy with 15 years of experience in network engineering is not interchangeable with a skilled penetration tester (pentester), though these are both certainly needed skills for a cybersecurity program. For many companies, the lack of pentesters is a significant problem. And while there are a lot of pentesters working in the industry, there is still a shortage of exceptionally good ones.  What separates a mediocre pentester from a good or a great one, is not the number of tools or scripts memorized, nor how many certifications are listed on the resume.  No, it is by how cunning he or she is, and how shrewdly a pentester thinks. But even the really great pentesters still fall short in the expertise and mindset that a company needs when defending itself. 

What companies need is access to people with real world expertise, people who have a bit of a malicious mindset, and who have had the opportunity to perfect it – legally of course.  People whose skills and talent have been honed through extensive experience of planning and executing cyber attacks.  Essentially, these are people who have been advanced actors  working for the U.S. government against our nation’s adversaries.  In government parlance, these would be people with computer network operations (CNO) experience, computer network exploitation (CNE) experience, and operations officer (aka case officers).  The NSA and CIA are the premier proving grounds for this kind of experience, although there are a few other agencies that have a smaller portion of resources with similar experiences.

“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Subscriber+

Categorized as:Tech/CyberTagged with:

Related Articles

Search

Close