10 tips for honing cybersecurity intuition

Great security team members must hone a variety of skills, and cybersecurity training can jumpstart this process. However, there’s one elusive skill—“security intuition”—that requires cultivation outside the classroom.

“The best information security professionals have a security ‘sixth sense.’ They feel when something’s off, even before they identify the specific threat.” — Jatin Sethi

DevelopIntelligence security trainers Vikas Rewani, Frank Rietta, and Jatin Sethi offer 10 tips for fostering this “spidey” sense:

The cyber landscape changes so rapidly that it’s hard to stay current. To maintain readiness, you’ll need to seek out the latest research articles and regularly update your skills.

Stay up-to-date on resources such as Verizon Data Breach Report, Have I Been Pwned, KrebsonSecurity, and other public resources to understand the big picture.

Create a list of past attacks that have happened in your organization or in competitors’ organizations, looking across domains, departments, and teams. Studying these attacks can be part of your learning strategy, giving you real-life examples to help fine tune your skills.

This allows the red and blue team to be better prepared for real-time cyber-attack scenarios.

These tools can play an important role in identifying potential threats but require critical thinking by a human. Are you seeing a real threat or a false one? A specific case that creates security threats in one domain may be advantageous in another domain. For example, appending search criteria in a URL (e.g. “search friends based on age, location, etc., and bookmark this URL for future searches”) is a really important feature for social networking websites but may be a security vulnerability for domains such as finance.

In this role, you can help create strong engagement between security and development teams, as well as departments across the organization.

Guide new security professionals in identifying potential threats, prioritizing them, and developing mitigation plans. You’ll likely gain new insights from your protégé’s questions and the process of answering them.

Preparing for a presentation requires thinking deeply about an aspect of security and becoming more expert in it. It helps you solidify your thinking around a security topic.

Also, take part in local meetup groups that explore Ethical Hacking and other cybersecurity topics. These gatherings let you study what other companies are doing, as well as what top experts are recommending. You’ll…

• Gain more knowledge of the overall security industry.
• Learn about emerging trends in cybersecurity and cybersecurity training.
• Gain new technical skills and tools related to SANS strategy or focus areas.
• Understand others’ views of existing and new technologies/concepts.

These allow you and your peers to apply and showcase your knowledge.

Every security team needs a deep understanding of technical systems, as well as the emotional intelligence to work well with a broad variety of people across the organization. These 10 tips will help broaden your cybersecurity and people skills, while strengthening your security intuition.