When I served in the Marines, I was told that understanding the details could mean the difference between life or death. For instance, it's one thing to shoot a rifle; it's another thing to place a round downrange and hit full center black from 1000 yards away!

What is the difference? 

One requires picking up the gun and simply pulling the trigger, while the latter requires taking windage calls and adjusting the rifle's rear sight until you can place the round properly. I spent hours and hours just snapping in, learning how to hold the rifle before taking a single shot. But then again, that is why I am a marksman and not a pop shot.

Cybersecurity and most other professions, for that matter, require the same calculated approach to arrive at success. 

Cybersecurity A Knowledge-based Game! 

Security professionals are often like the bright-eyed recruit being handed a weapon for the first time. They are unaware of the power they wield and have no concept of how to maintain and upgrade the weapon when needed. 

As for myself, I have understood that cybersecurity is a field where knowledge will only expand. And to contribute to the field of study, I need to seek to improve my skill sets consistently. For me, this means expanding my knowledge in areas that I absolute loathe, such as: 

1. Powerpoint [ Yep ] 
2. Regular Expressions [(?s)/\*(?:(?!\*/)[*$ _/+\\-])*(.*?)[*$ _/+\\-]*?\*/]
3. Networking [1011110001] < - Not rubbing shoulders
4. Windows Operating System [YUK]
5. Communications < - [Rubbing shoulders] 

Of course, this list is not exhaustive! I'm not too fond of more things than what's written above, but I'll save you the read. Suffice to say that as knowledge expands, so should you! 

Why is knowledge essential to the cyber professional? 

Silly question, right? You might be pretty surprised at the number of professionals I have met who have gotten some degree or certification that think they are done learning. This way of thinking couldn't be further from the truth and quite indicative of today's immature security programs. 

For instance, cloud architecture is the new craze for organizations looking to reduce their footprint and offload some of their IT operations costs and requirements. We could, as cyber professionals, sit back and allow the trend to become commonplace without understanding the risk associated with this type of architecture, or we can get involved! 

 The first step toward engaging in cloud-based cybersecurity is understanding the cloud. How is the cloud infrastructure being deployed, and how will it be managed. Moreover, we should be sure to understand our organization's current architecture and the impacts that moving to the cloud may have on security.

The detail comes into play when we work to understand why our organization is looking to move to the cloud. Then we play our part by translating security controls into low-level system requirements. This frequently requires engaging in discussions surrounding implementation. 

After all, the Devil is in the Detail! 

Why are the Details often overlooked? 

Firstly, to work within the details, competency is required! 

Big word! Here is the definition: 

Competency: possession of sufficient knowledge or skill

Secondly, doing so requires a lot of hard work and focus. Focus is nothing more than a game of discipline. We have to force ourselves to work opposite the current and take the path OF resistance. 

The quickest solution is not always the right solution! 

In my experience, it's relatively common for cyber leaders to take the easy way out! 

For instance, hire a third-party Managed Security Service Provider (MSSP) or implement a tool suite that claims to provide 100% security and can cure world hunger! And lastly, my favorite, let's automate cyber! 

While MSSPs, toolsets, and automation all have their place in delivering cybersecurity to the organization, they are not in and of themselves; the end all be all solution.

These solutions have technical limitations and drive costs which is the most significant risk to the business, bar none! On top of that, to have support to implement these solutions, we need to be able to communicate the details to persons who do not have as much knowledge on the subject matter as we do [Powerpoint and Spreadsheets], which we often fail to do. If the solution is fast and dirty, communicate it that way but be sure your WHY resonates with those holding the purse strings! 

Do I need to be an expert at everything? 

I'm not going to lie; I think it's best to specialize and not generalize. Depth of knowledge in any one topic requires years and years of uninterrupted study and implementation. For instance, I am not a red teamer; I am a purple teamer responsible for building solutions that stop attackers. 

As a purple teamer, it is my job to understand attackers' tactics, techniques, and procedures to build solutions that make their lives harder. Should I, therefore, understand the ins and outs of Artificial Intelligence? The answer would be an emphatic no! If an occasion presents itself that a defensive measure requires AI, I should seek an expert to ensure that the solution is applied effectively and efficiently.

Like my mother always says, 'Don't be a jack of all trades and a master of None.' 

I fear not the man who has practiced 10,000 kicks once, but I fear the man who has practiced one kick 10,000 times.

-Bruce Lee

It is undoubtedly always best to be a master! 

What should you do with this information? 

First and foremost, understand that almost all cybersecurity vulnerabilities exist due to a lack of quality. Quality is directly correlated to attention to detail, like it or not! 

Secondly, look to leverage the expertise of professionals within your organization to build security solutions that work. This list of professionals should include business analysts, software and network engineers, cloud professionals, and security specialist, to name a few. Cybersecurity is very much a systems engineering function meaning it requires inputs from almost all of the functions within your business. Some focus on delivering process, while others provide technological support to the process for delivery.

Conclusion: 

This rant was quite fun, but we need to get back to some structure and order. I'd like to hear your thoughts on the details and why they matter? Maybe you believe they don't; if so, please feel free to leave me a comment explaining your stance. 

Until the next write-up, let's keep working together to deliver security solutions that put business First!