Cyber Security Scars - Experiencing an Incident

(February 5, 2023)

Welcome to cyber security. Now get ready for some scars.

I appreciate scars.  I can’t say that I necessarily like the process of getting them, but I do like what they represent. Scars have a unique beauty and honor that nothing else really has.  They are tangible proof of battles fought and survived.  Of experience gained and the wisdom earned from the failures that come from actually doing things. Scars are the companions of competence and confidence that have been earned.


Which brings me to my topic for today.  There seems to be some sort of misplaced stigma around security professionals that have been in organizations that have experienced an incident of some sort.  On that specific item, I want to be as clear as possible:  Security leaders and professionals that have never experienced the adversity, stress, and failures associated with an incident are missing a critical factor needed to be successful in cybersecurity.  They don’t have any scars.

In life, there is a big difference between theory and practice.  For example, there is a huge gap between knowing all about boxing and knowing what it is like to actually box.  That gap is covered by one thing: boxing.  Or, as a modern-day philosopher once put it, “Everyone has a plan until they get punched in the mouth.” - M. Tyson

Cyber security is no different: you can know all about infosec theory, frameworks, models and best practices, but you will never really know how you will perform or what it feels like to do incident response until you have been through an incident.  An academic understanding of what it takes and how it could be done will never get you across the finish line.  The only way to get there is to do it.  It won’t be easy, it won't be fun, and it definitely won't go as planned.  But that is also why it is important.  Because once experienced, you get the unassailable foundation of knowing that you can do it and come out on the other side. You get the scar.

I am not saying to seek unnecessary and potentially scarring activity just for the experience. What I am saying is that you shouldn’t be afraid of getting some scars along the way.  The value of doing things and having done them far outweighs the value of just knowing and thinking about them. Organizationally, and in your career, you should seek to have a balance of both.  True confidence and competence are earned in the fight though and not in the planning or thinking about it.

However, what does that look like when you need to enumerate the value of having that type of experience? How can you use this to improve your personal brand instead of seeing it as a wound?  Well, here is a short list of things to help get you started when explaining the benefits of your scars:

  • Quick response capability: Showcase how you reacted quickly to the incident by immediately assessing the extent of the damage and taking necessary steps to contain it. This could involve shutting down systems, isolating affected networks, or changing passwords.
  • Knowing how to assemble the right team: Show how you gathered a team of experts, including IT, legal, and public relations professionals, to help address the incident and manage its aftermath.
  • Proper reporting compliance: Illustrate how you followed your company's incident reporting procedures, as well as any relevant laws and regulations, to ensure that the incident was reported to the appropriate authorities and stakeholders in a timely and transparent manner.
  • Communication with stakeholders: Doing is not enough; letting others know and keeping employees, customers, and other stakeholders informed of the situation and the steps taken to mitigate the incident is equally important.
  • Root cause analysis: Demonstrate that you understand how to get the most value out of opportunities by conducting a thorough investigation to determine the cause of the incident and identifying any vulnerabilities with technology, process, and people that need to be addressed.
  • Implementation of remediation measures: Speak to how you, based on root cause analysis, implemented measures to prevent similar incidents from occurring in the future, such as updating security systems and processes, improving employee training, and increasing monitoring and detection capabilities.  Showcase that you have not only learned from the event but have put that into risk-reducing action and updated models.
  • Continuous improvement: Finally, explain how you regularly review and update your security measures to ensure that you are continuously improving your defenses against potential breaches.  No one is in a place where improvement can’t be made.

With that in mind, if you ever find yourself being sold the promise or expectation of massive success and competence through never failing and always getting everything right, then what you are being sold is a lie. Especially when you are selling that myth to yourself.  Organizationally, and in life, the focus needs to be on the real value being brought to the table.  The confidence and competence that have been earned through doing the right thing and consistently getting up regardless of how many times you have fallen.

Leave the unrealistic expectations to the charlatans and uninformed. Perfection was never the goal.  Doing the right thing and learning is what counts.  If you plan to have a career in cybersecurity (or live a full life for that matter) I can guarantee you will get some scars along the way, but don’t be afraid to show them. Wisdom and experience have a look that can’t be bought or taught.

You are not defined by what happens to you, only by how you respond to it.  So be the person that can look beneath the surface and see the value and success in the struggles and failures that have been overcome.  Look for the signs of competence and confidence that have been earned.  Look for the scars and appreciate what you find when you see them.