InfoSec Roles and Archetypes to Close the Skills Gap

Last updated: 9.16.2020 (3.1.2023)

Daniel Deter is the Manager of Information Security at Green House Data. Follow him on LinkedIn.

Prologue

All journeys begin in darkness.

The student's eyes opened to darkness, surrounding him, enveloping him in the fear and uncertainty of the unknown. With no light to guide him, he knew not where to go next. He could feel that he still wore his student's robes, and the soft-soled shoes of his order. Without conscious thought he reached up and ran his fingers across the silver symbols embroidered upon the left breast of his robe: the number of his student ID, of his identity.

The Journey Begins

My first experience as an information security (InfoSec) manager began unexpectedly. My director called me into the conference room, where he sat with the security manager, and said, “Deter, you’re the new security operations center manager.” I responded with, “Ah, yeah, hard pass,” to which he replied, “Too bad, it’s already decided.”

I soon took over a team that tracked no key performance indicators (KPI), had no training program, had very few documented procedures, and didn’t actively monitor the implemented security information and event management (SIEM) tool. Three months later, my director called me into the same conference room once again, and said, “Deter, the security manager is leaving, you’re the new security manager.”

This left me with a 24/7 SOC, a security engineering team, and a compliance team under my purview. This included a recently acquired FedRAMP compliance. I soon realized that each team suffered from severe dysfunction. A core component of that dysfunction was a lack of definition in roles or understanding about job responsibilities. It was clear to me that I had to rebuild the security teams, but how?

Several years later I left that team, and by then it was understood to be the highest-functioning team within a much larger MSP organization. It had robust, well-written documentation and a deeply technical group of personnel with expertise across all segments of IaaS and MSP services. We built what we later began to call an integrated delivery team (IDT), where each archetype (more on that to follow) was logically aligned with functional competencies from within the broader MSP business.


Building a Successful InfoSec team

The purpose of this article isn’t to walk through the trials and tribulations that took my team from zero to hero, but rather to begin to distill those lessons into concise and easily consumed guidance that any leader can use to support team building, and any practitioner can use to guide their own personal journey as a student of information security.

It is generally understood, with broad industry concurrence, that an InfoSec skills gap exists and presents a significant challenge for those of us responsible for managing risk within an organization. What is often not understood, by practitioners and leaders alike, is the following:

To close the skills gap, an organization must first understand the competencies required by security teams in their pursuit of information technology risk management.

Information security is information technology. While the function and key performance indicators of the person may differ between roles, the skills required to be successful do not (i.e., InfoSec is inherently a technical discipline).

Information security consists of three core archetypes: builders, breakers, and defenders. It is through recruiting and building the skills of these archetypes that the foundations of highly functional security teams are formed.


Understanding the Infosec Archetypes

Each of the three archetypes represents core technical knowledge, skills, and abilities (KSA) that, when leveraged for information security risk management, improve the efficacy of security programs and reduce overall cost of information security risk management.

Builder

What is a builder?

Builders are those who build secure infrastructures. This can include the network, the systems, and the applications.

Note: Yes, your DevOps team are also builders, and are absolutely critical to InfoSec, though for the purpose of this article I’ll be focusing on secure architecture in the KSA below.

What kind of jobs do builders do?

What are some core competencies for a builder?

Breaker

What is a breaker?

The breaker is the hacker or cracker. The role of the breaker is to functionally identify and test vulnerabilities.

What kind of jobs do breakers do?

What are some core competencies of a breaker?

In this archetype you’ll find the widest range of skill sets. The foundational skills are:

Breakers hold a broad range of information technology skills, including programming, infrastructure administration, and system administration. To be highly successful, breakers need to understand how applications function, how operating systems function, and how communication occurs both across and within networks.

Defender

What is a defender?

The defender performs monitoring and response functions. In its simplest form, a defender has two primary duties:

The defender requires a broad skill set to be successful. Attackers only require competency in a single avenue of attack, while defenders need to understand information system architectures, operating systems, applications, and how they each communicate across a network. For best results on hiring defenders, start with someone with proven competency in operating system and/or network administration. The tough part isn’t learning to use your SIEM, it’s understanding the data coming into it, and then building a meaningful narrative of risk based upon it.

What kind of jobs do defenders do?

What are some core competencies of a defender?

What About Information Assurance and Compliance?

What is IA and Compliance?

The Information Assurance (IA) and Compliance — AKA Governance, Risk, and Compliance (GRC) — aspect of information security programs represents the mechanisms through which an organization measures information security. As anything measured tends to improve over time, GRC teams provide significant value-add for an organization.

Please note: To keep your GRC program on track, ensure that work efforts are focused on measuring the existing security program (e.g., via KPIs) against a standard (e.g., NIST, ISO), a baseline, or an industry best practice.

What kind of jobs do IA and Compliance staff do?

What are some core competencies of IA and Compliance?

More to Know

A great resource for those looking to map InfoSec jobs to knowledge, skills, and abilities (KSA) is the NIST NICE framework, SP 800-181.

Epilogue

The student stepped out of the darkness into the bright light of a cloudless summer day. The sun stung his eyes, long-since adjusted to the darkness. The heat of the day washed over him. Beads of sweat began to form on his forehead. He turned around, sudden resolve bubbling from the depths of his subconscious. He faced towards the cave, and the unknown terrors that lurked within.

He'd survived, he'd found the light, but he knew, intrinsically, that survival was not victory. Victory would require action, persistence, and a continual pursuit of knowledge. The student had faced the darkness, and now the darkness would have to face him. With a nod to no one, he stepped back into the cave, the sun glinting off the silver thread of his student ID a final moment before being swallowed by the darkness, the numbers clearly visible, "1337".
