Becoming an All-Around Defender: Social Engineering Your Way to Success

It’s not easy being an All-Around Defender, or cybersecurity generalist. Not only do you need to have a broad base of fundamental knowledge and skills and understand a wide variety of technologies, but you also need to keep up with an ever-evolving field – one that is regularly disrupting itself as new technologies are developed and new attacks and defense tactics emerge.

For such a dynamic field as cyber defense, regular training becomes a necessity. But in order to get your business to support (and pay for) your cybersecurity training, a little harmless social engineering may be in order, say SANS Certified Instructors Justin Henderson and Ismael Valenzuela.


There are certain tricks that can be used to help show mutual interests and prove to your employer that they are getting a piece of the pie when they invest in your training, Justin says.

“For example, when I started taking SANS courses, my employer initially said no because they are expensive,” Justin says. “So what I did is I took a blueprint of what was covered in the course I wanted to take, and then I mapped that against our annual budget items.”

Justin was able to show that if his employer invested in training him, he could learn certain skills that would eliminate the need for the business to spend a much more substantial chunk of the budget elsewhere. Plus, he showed how the training would teach him to do other things that weren’t even covered in the budget and provide added value.

It’s important to show the value after completion as well, Justin says. “You’ve got to toot your horn and prove that the $7,000 class you just went to was justified. It’s not being prideful, it’s just putting proof in the pudding.”

These tricks extend far beyond just getting approval for training, Ismael says. They can be applied to getting support from the business to do something new in the SOC or just in maintaining your job.

The more cost savings you show, the easier it’s going to be for a manager to approve, Ismael adds. If you want to fix something, you could just tell them it’s no good and needs to be fixed, but no one will respond to that, he says. The other approach would be to use data to show management why something is bad. “Showing the data and selling it essentially make it easier for somebody to get on board.”

“It’s about presenting things in the right ways,” Ismael says. “Words can be deceptive. If you tell your employer you want to deploy a ‘honeypot,’ you may get an entirely different response than if you tell them you want to deploy ‘early warning systems.’ It’s exactly the same thing but sold in a different way. What I typically say to students is that this is marketing. The vendors use this against us, and you can use the same strategy and mental tricks to sell yourself and your products – sell the value of what you want to do.”

“In terms of analogies, it’s like a marriage,” Justin says. “If I say, ‘Honey, I want to buy a boat because I want to go fishing.’ Well, you’re not going to get the boat. But if you say, ‘Honey, I want to buy a boat because I want to take our family out and the kids out for nice days on the lake,’ you’re painting a different picture and you might just get the boat.”

Leveling Up as an All-Around Defender

Justin Henderson and Ismael Valenzuela are continuing their mission to help All-Around Defenders level up in their careers and reach success. In the most recent webcast in their series (below), they share some of their past achievements in approaching employers to get the resources they needed to succeed.

If you missed the past webcasts in the series, you can catch up and learn more about what was covered in these resources:

Ismael and Justin are also the co-authors of SEC530: Defensible Security Architecture and Engineering, currently available for registration in our Live Online and OnDemand formats. Demo the course for free here.

*** This is a Security Bloggers Network syndicated blog from SANS Blog authored by SANS Blog. Read the original post at: