How to introduce more empathy into security operations
Dan Kaplan
Content Marketing, Google Cloud Security
Editor's note: This blog was originally published by Siemplify on April 29, 2021.
With cybersecurity moving from backroom to boardroom, and the societal imperative that workplace cultures renounce toxicity for more sensitivity and tolerance, there is a rapidly-growing call for empathy to pervade the infosec function, from the CISO all the way down.
Within security operations, challenges often boil down to alert fatigue, skills shortages and lack of visibility.
But another hurdle is just as important: ensuring the extension of humility and compassion—to users, customers, third parties (a huge source of risk), colleagues on your own team, and even your adversaries. Fortunately, this struggle can be met without the need for technology, and result in more productivity, effective relationships, diverse thinking, and stronger and more resilient security postures.
The demand for empathy has only been exacerbated by COVID-19, as workers need to adjust to new security challenges and potential threats brought on by the shift to remote work, and also feelings of isolation and disconnection.
At the 2018 LASCON show, security expert Joe Parker delivered a foundational talk on SecOps empathy. He described three areas of security operations where empathy and vulnerability play a bigger role than most people may think.
Incident response
Whether you are investigating an ordinary alert, trying to determine whether something is a false positive, or embroiled in a full-blown incident, chances are you will need help. To obtain all the log data and other details you require, empathy can help encourage others to give you what you need to resolve the case and determine a course of action. Afterward, be sure to thank the sources from which you drew information and share with them the outcome of your investigation, as they may be curious of the result and helpful in avoiding similar situations in the future.
Security awareness
One of the common traits that show up often in articles describing the habits of an empathetic person is the ability to put oneself in the shoes of others. When it comes to security, the basics are teachable and learnable, but expecting someone who is not an infosec expert to spot, for example, a well-oiled phishing attack may not be realistic. If you are called on to help with employee education, make sure that you are relatable (perhaps share a story of a time when you blundered), non-judgmental, and open to feedback.
Here is what SANS Institute instructor Ryan Chapman said about empathy during his appearance in the Siemplify, now part of Google Cloud, “Sitdown With a SOC Star” series:
“I truly believe that the most important soft skill to have within our realm is empathy. You can think of it this way: How many times has a SOC member said something like, ‘This stupid user clicked a link and now their host is compromised?’ We hear this often in a SOC environment. Is that person really ‘stupid?’ No, they aren’t. That person may be an engineer, a payroll specialist, a salesperson who enables the very company for whom you work. They have their specialties and their skills. And we have ours. Expecting everyone under the sun to understand security the way that we do is daffy. Rather, we need to be empathetic. We need to realize where they’re coming from. It’ll help us all get along, which in turn improves communication and fosters a healthy working environment.”
Vulnerability management
When addressing security flaws and misconfigurations, SecOps pros often work with more IT-inclined staff than in a typical security awareness training exchange. When you interact with IT, developer, and operational teams, empathy for their challenges can help you understand why they might be reluctant to take on security tasks, such as patching.
“Not only can empathy help identify patching reluctance but you can use it to find a new pathways that takes everyone’s needs and challenges into account,” said Parker, now the head of IT and security at ByteChek, in an email.
The ability to trust and assume good intentions in others can be a good barometer to gauge how you’re doing. Exhibiting and growing your empathy is no easy task. But this much is known by science: Empathy can even improve your health. And maybe that’s the best reason of all to do it.