Cybersecurity incident response teams (CSIRTs) rely on technical and social skills. But focusing mostly on technical knowledge can come at the expense of communication and teamwork, according to a new study.
This idea was the focus of a five-year study analyzing incident response teams from a social-behavioral perspective. From 2012 to 2017, a team of researchers funded by the US Department of Homeland Security interviewed more than 200 people and led 80 focus groups across 17 international organizations to identify the key drivers of teamwork within and between teams.
The researchers included several people from George Mason University (GMU) who teamed up with Dartmouth and HP, and received funding from the Swedish and Dutch governments, says Dr. Daniel Shore, chief research officer at Leadership & Effective Teamwork Strategies (LETS), who worked on the study while he was at GMU.
“Across our team of researchers and practitioners, we put in over 56,000 hours of analysis and interviewing, to data gathering and analysis, to understand … not only what an individual on the team does but the team they represent, or the multiteam system they represent,” Shore says.
Bionic CEO Mark Orlando discovered this research as part of his own work looking into how security teams can better work together. “It really resonated with me,” he says. “I thought the research was great; there were a lot of very practical things in there that I was able to use in my work.” He began to reference the research and, as a result, was later connected to Shore.
“What was identified early on that spurred that research … was the idea that in cybersecurity, there are lots of analysts and front-line eyes-on-glass people who are very egocentric — not to say they’re egotistical, but egocentric,” Shore explains. “They see things from their own perspective; they’re used to being able to say, ‘I can handle this challenge on my own.’”
It makes sense, he continues. Many security pros are trained individually; they learn how to hack, investigate, and test on their own. Then they’re dropped into situations in which they face complex problems and challenges that require collaboration, but they don’t have the background and habits that come with working collaboratively in a multiteam system.
Orlando says it’s natural for relationships to form, and for trust to form, in an incident response team and within a …….