Not too long ago, I had the challenge of onboarding an individual new to CyberSecurity and digital forensics. The person in question (whom I’ll call Quentin for purposes of this post) had limited background in cyber and absolutely no background in computer forensics. While I had no issue with Quentin being a novice (everyone has to start somewhere), I had concerns with leadership’s ignorance about the field and operational expectations.
My team, while uniquely positioned to handle many types of incidents, was no different from any other incident response team in the CyberSecurity field. We were expected to respond to and remediate an issue at the speed of business. The problem was, for most of us, the speed of business didn’t really align with how my team was trained to do work, which is why training Quentin to be part of the team made him a liability in our pursuit of success.
There are some things you can teach about CyberSecurity, but the rest comes with experience, not just in the field itself, but in Technology. As a CyberSecurity professional, I am often asked to do seemingly impossible things under disastrous situations and my team is expected to do the same. While this is considered ‘part of the job’ or ‘BAU’ for most of us, it could literally break an individual new to the role.
We live in a world where the ‘thing’ needs to happen right now. In CyberSecurity, especially in digital forensics, the ‘right now’ requires more time than any given situation usually allows for and can result in misdiagnoses of a problem, potentially causing more harm than good to the business. Imagine a trainee attempting to carve a file out of unallocated space as part of a training program during their first month. Now imagine that same trainee trying to carve that same file by the end of business during their first day in order to complete a customer’s data recovery request.
This is the problem that many in the field are faced with. As with Quentin, many are stepping into CyberSecurity and digital forensics and are expected to quickly learn on the job – skills and poise that have taken most people in the field years or even decades to develop. As if carving a file from unallocated space isn’t difficult enough, having to do it under a deadline can be downright cruel and a liability to the business.
We have an opportunity here as leaders and contributors in the field to correct a problem before it results in a skills deficit that could leave our infrastructure vulnerable. Leadership has to become more in tune with the complexity of cyber – particularly on the response and defense side of the house. While I am all for giving people a chance to develop, there should be a ‘right’ way to give people opportunity in the field. I personally think Quentin would have had a much easier road starting as a Tier 1 analyst in the Security Operations Center – learn the methods…learn the madness with training wheels. Training also needs to be more frequent, structured and targeted. We live in a culture of ‘self-paced’ or ‘self-serve’. While this may work for some, classroom-based instruction should still be considered for some of the more complex cyber disciplines such as digital forensics.
Leadership should be prepared to hire and reorg in CyberSecurity not only based on the business need, but also on the need to prepare their resources for the pressure of working in a field that leaves little room for error and where results are expected in an instant. We must be honest with ourselves and be brave enough to be honest with executives. CyberSecurity is a field dedicated to protecting the business, and cutting corners by eliminating proper training and experience requirements should not be accepted.