20 July, 2023
By Muris Kurgaš
Throughout the course of a cyber security career, many professionals find it challenging to maintain a balanced perspective and view things from different angles. This blog post will explore the challenges of balancing ego with expertise, and how cyber security compares to other industries in this regard. Other topics that will be discussed are the potential for cyber security researchers to develop an inflated ego and the reasons why cyber security researchers may not be suited to become effective pentesters or red teamers.
The cyber security alternative analytics field requires individuals with diverse skillsets and expertise, including cyber security researchers, consultants, pentesters, and red teamers. Ego can play a significant role in both research and testing, leading to challenges in collaboration, objectivity, and perspective.
Researchers can become too attached to their findings and theories, leading to difficulty in accepting feedback and criticism from colleagues. A narrow focus on a specific research area can also lead to a lack of objectivity when analyzing vulnerabilities and threats. Staying humble, open-minded, and collaborating with others are essential to keeping one’s ego in check.
Cyber security professionals must understand that successful penetration testing and red teaming require different mindsets than those required for research. Pentesters need to think like attackers, identifying weaknesses in a system's defenses and taking calculated risks to exploit them. Furthermore, pentesting and red teaming require familiarity with a broad range of security tools, techniques, and technologies, and these are not always developed in the same way as those required for research, making it challenging for security researchers to transition into red teaming roles without additional training and experience.
Another way to view the challenges of cyber security roles is through the lens of "researchers" and "doers." In many industries, researchers conduct studies and produce findings, while doers implement the findings and solve real-world problems. In the cyber security field, researchers conduct studies on threats and vulnerabilities and produce reports, while pentesters and red teamers implement the findings and test real-world systems. The challenge arises when researchers become too focused on their research findings and become disconnected from the practical application of their work, which can lead to an inflated ego and difficulties in collaboration with doers. Similarly, doers may become too focused on the practical application of their work and miss out on the latest research findings and best practices.
For instance, in the healthcare industry, researchers conduct studies on diseases and treatments, while healthcare professionals implement the findings to treat patients. We have witnessed that in the early stages of the pandemic, the delay in response was due in part to a lack of collaboration and understanding between different groups of professionals. This delay allowed the virus to spread more quickly and widely, making it more difficult to contain. Furthermore, the spread of misinformation was exacerbated by a lack of collaboration and understanding, as different groups of professionals provided conflicting information about the virus and its transmission.
Balancing ego and expertise in cyber security can be challenging in the real world. For example, a cyber security researcher may develop a hypothesis on a potential vulnerability but may become attached to that hypothesis and struggle to consider alternative theories or ideas. Similarly, penetration testers may become overly confident in their abilities, leading them to overlook critical weaknesses in a system's defenses. On the other hand, a red teamer with research experience may have difficulty taking the calculated risks necessary for successful red teaming, as they may be overly cautious or hesitant to deviate from their research-based approach. As a manager, it's crucial to provide ongoing training and support to help team members overcome these challenges and develop a balanced perspective that fosters collaboration and effective problem-solving.
Collaboration between cyber security researchers and consultants is essential in today's rapidly evolving threat landscape. Cyber security research provides valuable insights into emerging threats and vulnerabilities, while penetration testing and red teaming help organizations identify and remediate weaknesses in their defenses. However, maintaining collaboration between security researchers and security consultants can be challenging, especially when they have different areas of expertise and approaches to problem-solving. This is where team structure comes in. By working collaboratively in a structured team environment, researchers and consultants can better leverage their respective skills and knowledge to address complex security challenges. Team structure also promotes accountability and ensures that each team member has a clearly defined role and set of responsibilities. Ultimately, this approach leads to a more effective and efficient team that is better suited to address today’s unique cyber security challenges.
Promoting a culture of collaboration, communication, and learning is important within our teams and organizations. It is crucial to encourage researchers to remain objective, to teach pentesters and red teamers the necessary skills to succeed, and to foster communication and collaboration between the two groups.
The cyber security field requires individuals with diverse skillsets and expertise, each with unique challenges and opportunities for growth, to collaborate. By recognizing the potential for overconfidence, understanding the differences in mindset, experience, and skills required for each role, and promoting collaboration and communication, cyber security professionals can continue to push the field forward and have a positive impact on the wider community.