One of the oldest clichés in security is “security is a journey, not a destination.” It is clear that, when it comes to defending ourselves and the enterprise, we never reach the end. There is always going to be a new challenge. Life is that way. We are always moving.
One theme associated with life’s travels is the “hero’s journey.” This template—where a hero goes on an adventure, is victorious over a challenge and then is forever changed because of it—took root in ancient cultures as people used epic tales to describe the origin of the world, explain human interaction and rationalize strange phenomenon. The tales of Gilgamesh, Odysseus and Beowulf are examples. In the modern era, the hero’s journey is a formula used for today’s entertainment. This is epitomized by the “Lord of the Rings,” “Star Wars” and “The Matrix.”
The hero’s journey, as we know it, originated with philosopher Joseph Campbell’s monomyth. His study of hero myths from various cultures led to the discovery that common themes run throughout hero journey stories. He called this a monomyth. In the monomyth a person begins in the ordinary world and is called to adventure. Though hesitant, the individual accepts the quest and sets out on a journey. The hero enters a strange realm where various challenges and ordeals must be overcome. With help from allies, the hero succeeds and returns to the ordinary world with a prize that benefits all.
This is a formula for great storytelling, but it is not entirely real. In real life, our activities don’t cross into an unknown world of wonder. However, heroes do exist in everyday life. The journey, however, is more often one within the individual. This is true in many professions, including cybersecurity.
The Hero is the Star
Cybersecurity is one of the greatest challenges of our time. Doing hard things to solve cybersecurity problems can only be achieved with human innovation and extraordinary effort. The cybersecurity hero’s journey is about how the individual grows to meet the challenge. It is not about the specific quest. This is the best way to interpret the journey.
Throughout the journey, the hero grows while accomplishing the tasks at hand. Everyone, under the right circumstances, can become a hero. It begins with awareness that cybersecurity is where you want to be. You accept the challenge to defend organizations against cybersecurity threats and to protect privacy. It can be a scary choice, considering the various hurdles associated with cybersecurity, especially as you advance within the field. You commit to becoming an expert in the field. You train and practice and learn all you can from experience to achieve success.
Impact of Cybersecurity Heroes
Cybersecurity heroes most often exist in anonymity. They don’t wear capes, but instead are defined by what they do. They are the first responders who jump into the fray when an attack is occurring, attempting to thwart the attacker and keep things working. But in addition to being defenders, there are many ways they impact their organizations.
Cybersecurity heroes also are change agents who make others better. They have come through trials and instill confidence within the organization. Calling upon their experience and insight, these champions direct operations towards the most pressing cybersecurity needs. They provide guidance and advice to make cybersecurity more effective. They help to align business and security objectives, impart security awareness, develop security playbooks, policies and procedures. Eventually, these heroes will become mentors to the next generation of cybersecurity defenders who are required to move the discipline forward.
Create, Develop and Nurture
In the monomyth, the hero is generally reluctant and must be coaxed to undertake the quest. For cybersecurity heroes the choice is generally individualistic. However, there are many ways a hero can be created, developed and nurtured. The journey is self-actuating, but without encouragement, the trip can be a short one.
The first step is education. Strong technical skills are required. Regardless of the topic, be it networking, security analysis, vulnerability management, malware forensics or any of the dozen other disciplines within cybersecurity, education and training is the foundation for improvement. Technology is always advancing, and security needs to stay current.
Having strong technical scholarship is important, but the cybersecurity hero has to have additional skills. Some of those can be learned and improved, such as the ability to successfully communicate and to improve business knowledge, while others are intrinsic to the individual. These personal attributes include enthusiasm, curiosity, adaptability, attention to detail, problem solving and tenacity. These characteristics drive the Cybersecurity Hero to find something others might overlook, to doggedly search for solutions and to find unique and novel ways to solve a problem.
It is up to organizations to nurture cybersecurity heroes. The first step is to acknowledge that cybersecurity is valuable to the business. Security teams need to be given modern security technologies. Let them advance in what they do. Encourage them to interact with others in the security community. Provide feedback, be it positive or negative. This will help them grow.
Nurturing also requires the staff be challenged. Don’t allow them to get into a rut with the mundane. Foster advanced skills development. For example, get your cybersecurity heroes involved in cyber ranges and competitions. Lastly, practice cross training. Nurturing cybersecurity heroes allows them to continue upon the path to mastery.
Cybersecurity is a Team Sport
Cybersecurity heroes are not lone crusaders. They are part of a team. There should be multiple heroes working together toward common objectives. Together, they are growing and improving their skills. They build and feed off of the strong attributes each individual contributes to the mission. They face the same trials and tribulations and learn from each other. Their growth as individuals improves the organization’s overall security posture.
In the end, we are all cybersecurity heroes. Fostering, developing and nurturing our inner hero and the heroes around us can keep people safe, while also creating self-worth and pride in accomplishing good works.