Has Your Security Intelligence Education Prepared You for the Tests to Come?

The case for breaking down silos and taking an interdisciplinary approach to intelligence

In 1983, Dr. Howard Gardner, a well-known psychologist and professor at Harvard, developed his theory of multiple intelligences. Gardner argued that the traditional notion of intelligence was too limited and encouraged educators to take a more interdisciplinary approach to designing their instruction.

Turns out that this theory can also be applied to the “intelligence” label used in the security industry. While some are inclined to see intelligence as part of a single discipline—regarding it as an analyst’s specialization or an executive’s “elective”—intelligence is used to transform decision-making for the entire business.

As such, it doesn’t fall under the purview of one subject but should be part of an interdisciplinary curriculum. However, the intelligence label has been siloed, said Flashpoint CEO Josh Lefkowitz. In security, it is often technical- and indicator-based, largely accessible only to those who think in 1s and 0s.

Most often, intelligence is used to refer to things such as indicators of compromise (IOCs) or malicious IP addresses. While those are important components of an intelligence program, they are insufficient. Intelligence has evolved to be a blend of the tactical and strategic.

Those organizations that continue to operate their cybersecurity team in a silo likely are finding they are not having the impact that intelligence programs can—and should—have. Enterprises that have the most successful intelligence programs use intelligence as a catalyst and an enabler for making better decisions, Lefkowitz said. “They have the ability to translate the work that cybersecurity teams are doing on a day-to-day basis and elevate the discussion.”

Taking the Intelligence Test

How do you know if your organization is using intelligence to enable business stakeholders to make better decisions? Take the interdisciplinary intelligence test to see if you’re making the grade across all of these disciplines.

English: Are you speaking the language of business stakeholders, or is there a disconnect? Are decision-makers not able to understand the relevance, applicability and actionability of what their colleagues are providing? Does the terminology you use go so far into the weeds of technical data that you actually lose the headlines around business risk? Are you communicating in a way that resonates from the lens of the business stakeholder to drive decision-making?

History: Do you have context, or are you lacking in attaching sufficient context around the data? Passing the history grade means that you have full context of the threat, the actors and the geopolitical trends so that you understand the who, what, when, where, why and how of the situation you are assessing.

Math: Business stakeholders want to be able to calculate risk to specific business activities and the business overall, but it’s not always feasible to quantify risk. Are you able to see risk on a spectrum with colors of nuance in between milestones? If everything is a risk with no filter to help you prioritize, you can’t make better decisions.

Science: Technology is not the magic bullet to mitigating risk. Are you able to strike the right balance of technology and human analysis? It’s imperative to have humans in the loop, which means that subject matter experts (SMEs) are able to speak a broader language. Then, pair the SMEs with software developers and others.

What Does Intersecting Intelligences Look Like?

Undoubtedly, you will use tools and technology but you also have to have highly experienced people who have the linguistic, logical and interpersonal skills to engage with the technology and business stakeholders.

In her 2016 article in Forbes Magazine, Christina Wallace wrote, “Whether you’re trying to create something new inside an existing organization or tackle it from the ground-up on your own, the ability to associate directly translates to an ability to find diagonal solutions to your most challenging problems.”

That’s what an interdisciplinary approach to intelligence looks like—effective problem-solving, which begins with identifying your business priorities. Lefkowitz said, “If you don’t know priorities, it’s hard to develop metrics and budgets. That’s a process that starts with knowing risk and prioritizing risk using priority intelligence requirements (PIR).”

Making intelligence part of the required interdisciplinary curriculum for your organization will help to break down silos and enable a more successful whole business approach to using intelligence in today’s threat landscape.

Kacy Zurkus

Kacy Zurkus is a cybersecurity and InfoSec freelance writer who has contributed to several publications including Medium, CSO Online, The Parallax, InfoSec Magazine and K12 Tech Decisions. She covers a variety of security and risk topics. She has also self-published a memoir, "Finding My Way Home: A Memoir about Life, Love, and Family" under the pseudonym "C.K. O'Neil." Zurkus has nearly 20 years' experience as a high school teacher of English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). In addition, she has spoken on a range of cybersecurity topics at conferences and universities, including SecureWorld Denver and the University of Southern California.