by Cody Chamberlain, Head of Product, NetSPI
August 15, 2022
NetSPI CEO Aaron Shilts recently wrote an article that centered around this powerful statement: Technology cannot solve our greatest cybersecurity challenges. People can.
As Head of Product, this statement gave me a critical opportunity to pause and reflect on my team’s purpose and ask, “What is the true intent of our technology innovation?”
The answer was abundantly clear: Technology should empower people and maximize the value of human creativity, experience, and ingenuity. It should enable people to do more, with less.
But neither technology nor people can be a force multiplier on their own. It all comes back to the intersection of the two. Data is just data unless you can derive intelligence from it; tools are just tools unless you can leverage them to deliver outcomes. Shelfware has never made anyone secure.
Cybersecurity Technology Pitfalls
Today, security programs are faced with a dilemma of not having enough people to tackle their greatest challenges, yet technology alone has not provided the level of efficacy to improve security programs. Without people, technology cannot:
🚫 Understand unique organizational needs
Company infrastructures are distinct. While many organizations have the same technical security controls or operate in the same industry, the ways the controls are implemented and operationalized, and the context of each infrastructure can differ greatly. Additionally, risk profiles and tolerance vary. External pressures may be different, driving additional bifurcation in how they approach a specific problem. Technology alone cannot identify these nuances and adjust.
🚫 Continuously manage and operationalize itself
Tools need to be run. The process of evaluating, implementing, and operationalizing technology requires humans. This process often takes focus away from defending against cyber attacks. When we have limited resources, we need to make sure they are focused on the right aspects of the greater mission.
🚫 Support security programs in a cost-efficient way
The security industry is crowded with technology vendors offering a wide range of solutions. Research platform CyberDB has compiled a list of cybersecurity vendors which includes 3,500 companies – just in the US. It has become difficult for security leaders to effectively implement supportive technologies in a cost-efficient way due to redundant functionality, gaps in coverage, and other challenges that come with the crowded market.
The Spectrum of Cybersecurity Tools
To truly understand the value of the intersection of technology and talent, it’s important to define the opposite ends of the spectrum – from traditional services/consulting firms to standalone technology platforms.
Traditional Services/Consulting Firms:
• Expectations: A comfortable and trusting relationship with specific resources; easy to procure; professional services contracts are well understood; processes are easy to onboard and manage
• Reality: Slow to scale; only as good as the consultant assigned; not maximizing the value; expensive; time consuming
Standalone Technology Platforms:
• Expectations: All-in-one solution to a problem; use existing resources to manage the platform; low touch management
• Reality: Lacks efficacy; purchased technologies do not meet expectations; requires dedicated resources to manage; opaque (“trust us it works”); operates without context specific to your business needs and risk profile
So, how do you get the best of both worlds?
Platform Driven, Human Delivered
The solution to effectively executing the industry’s security missions with limited human capital lies within the combination of technology and talent. Together, they can be a force multiplier for the industry.
As an industry, we need to take a step back and evaluate, “What do we need to do to protect ourselves?” What are our priorities?
From an offensive security perspective, we need to identify all assets, identify vulnerabilities on those assets, and remediate them. No one person, nor one tool, can achieve these goals. But together? The opportunity for success is exponential.
After all, technology cannot solve our greatest cybersecurity challenges. People and technology can.
Cody Chamberlain is a cybersecurity professional with a unique mix of pragmatic “in the trenches” experience coupled with advanced business education and strategic sales roles.
He is focused on being a trusted advisor in an industry overwhelmed with limited funding, endless technical solutions and potentially catastrophic consequences.