Great security team members must hone a variety of skills, and cybersecurity training can jumpstart this process. However, there’s one elusive skill—“security intuition”—that requires cultivation outside the classroom.
“The best information security professionals have a security ‘sixth sense.’ They feel when something’s off, even before they identify the specific threat.” — Jatin Sethi
DevelopIntelligence security trainers Vikas Rewani, Frank Rietta, and Jatin Sethi offer 10 tips for fostering this “spidey” sense:
1. Commit to continuous cybersecurity learning
The cyber landscape changes so rapidly that it’s hard to stay current. To maintain readiness, you’ll need to seek out the latest research articles and regularly update your skills.
2. Pay attention to the threat landscape
Stay up to date with sources such as the Verizon Data Breach Report, Have I Been Pwned, Krebs on Security, and other public resources to understand the big picture.
3. Think like an attacker
Create a list of past attacks that have happened in your organization or in competitors’ organizations, looking across domains, departments, and teams. Studying these attacks can be part of your learning strategy, giving you real-life examples to help fine-tune your skills.
4. Use threat simulators
Threat simulators help red and blue teams be better prepared for real-time cyber-attack scenarios.
5. Analyze before acting on information from Artificial Intelligence (AI) and threat simulators
These tools can play an important role in identifying potential threats but require critical thinking by a human. Are you seeing a real threat or a false one? A specific case that creates security threats in one domain may be advantageous in another domain. For example, appending search criteria in a URL (e.g. “search friends based on age, location, etc., and bookmark this URL for future searches”) is a really important feature for social networking websites but may be a security vulnerability for domains such as finance.
6. Become a cybersecurity training champion—an internal advocate for security who can coach others
In this role, you can help create strong engagement between security and development teams, as well as departments across the organization.
7. Be a cybersecurity mentor
Guide new security professionals in identifying potential threats, prioritizing them, and developing mitigation plans. You’ll likely gain new insights from your protégé’s questions and the process of answering them.
8. Submit talks for conferences, local user groups, and in-house lunch-and-learn sessions
Preparing for a presentation requires thinking deeply about an aspect of security and becoming more expert in it. It helps you solidify your thinking around a security topic.
9. Attend security-oriented events such as BSides, OWASP, and SANS Institute meetings and conferences
Also, take part in local meetup groups that explore ethical hacking and other cybersecurity topics. These gatherings let you study what other companies are doing, as well as what top experts are recommending. You’ll…
- Gain more knowledge of the overall security industry.
- Learn about emerging trends in cybersecurity and cybersecurity training.
- Gain new technical skills and tools related to SANS strategy or focus areas.
- Understand others’ views of existing and new technologies/concepts.
10. Schedule hackathons
These allow you and your peers to apply and showcase your knowledge.
Every security team needs a deep understanding of technical systems, as well as the emotional intelligence to work well with a broad variety of people across the organization. These 10 tips will help broaden your cybersecurity and people skills, while strengthening your security intuition.
We have a threat modeling learning path designed to take you from beginner to expert. Start now with Threat Modeling Fundamentals!