My job provides a forum for me to meet with leaders in information security across many companies. My recent meetings with Chief Information Security Officers (CISO) of some of the largest organizations uncovered a trend that I thought was relevant to share. Many of these CISOs had a few things in common.
First, they were all relatively recent to the job – within two or three years. This is normal as the CISO position is a high pressure job and tends to turn over frequently. The other common element was their professional backgrounds. They all had previously worked for the Intelligence Community (IC).
Why would companies be recruiting and hiring information security executives from the Intelligence Community? The answer is in the intelligence discipline and how it applies to a holistic and effective security program.
Hiring the Intelligence Community
Intelligence as defined by the IC is “Collection, analysis, and production of sensitive information to support national security leaders, including policymakers, military commanders, and Members of Congress.” Intelligence is woven into the creation of offensive military strategy, governing policy, and defense. Our government uses information gathered and disseminated from the IC to decide which way to point the weapons, which policies to create around anti-terrorism and set the general direction as a country.
It is clear how we can apply intelligence to our security programs, then. Without intelligence, how does an organization test the efficacy of their security program? How does the information security department know what defenses to build and how much to spend on them? How would a CISO decide where to allocate his resources and prioritize focus? For instance, much of the security budget is spent on best of breed defense tools that keep companies from being the low hanging fruit – protecting from opportunistic attacks. Yet, if those same organizations are targeted by a nation state sponsored APT, perhaps that strategy would be adjusted accordingly.
Utilizing cyber intelligence as part of a security program can yield immediate benefits and even return on investment (ROI) if implemented correctly. Intelligence can drive focus toward the most important aspects of the security program, reinforce budget allocation, and test the efficacy of the overall security methodology at an organization. These data points are invaluable when communicating with company leadership, accenting the importance of the security program and spend, and setting the direction for the future of the program.
Fortunately for these large institutions with IC community veteran CISOs, they are heading down the right path. They are developing intelligence programs that fold into their overall security program. They are building out intelligence teams, hiring staff with expertise in the intel discipline. (This is fundamentally different than InfoSec.) For everyone else, though, this is likely out of reach. First, there are a limited number of IC community veterans available for CISO positions. Second, building out intel capability, an intel program and staff, is cost prohibitive for 90% of businesses. MasterCard benefits from these developments…they have made the investment. The local credit union could also benefit, if only they had the means.
What if you can’t afford an Intelligence Community veteran?
This is what we are trying to solve for at GroupSense. We believe that with the right technology, coupled with a stellar intelligence team, we can deliver the benefits of a full fledged intelligence program to Fortune 500 and the small regional manufacturer who can’t afford to hire Intelligence Community veterans.
Our software, TraceLight, is built to collect, structure, analyze, and enrich content from millions of sources. This allows us to deliver high fidelity, structured, enriched, intelligence data to our customers. This data comes with a highly trained and experienced analyst to support the consumption and instrumentation of this data.