Next month, I
will be teaching my first class as an Adjunct Instructor at Haper College, located
in Palatine, IL. This class will be
about all about the fundamentals of Phishing, and how Generative AI is being used
to create emails that are so convincing that it is getting close to impossible
what is real and what is fake.
Harper
College actually has announced a bunch of new Cybersecurity Initiatives for its
students, and my business partner and I
attended a number of meetings leading to its buildup.
One of the key
questions that was asked is: “What
skills should be emphasized in these new initiative?” Of course, most of the attendees in the meetings
thought that learning technical skills was the most important. This includes learning how to code and write
scripts (using Perl, Python, PHP, etc.), learning all about the mechanics of AI,
and so forth.
But I was one
of the few people that actually said that while this is all important, teaching
students how to communicate effectively in a team is to me, what is most
important. My premise for this argument
was that (and still is), is that you can have a college graduate that will have
all of the certs, and tech knowledge, but what is the good of all of that, if
it cannot be communicated and applied into a team environment?
I further
lamented that although having a set of baseline skills is very important, the further
skills that an employer requires can be learned on the job. Take the case with me. Although I have been doing IT Security and
Cyber tech writing for 15 years now, I knew nothing of how to write a Request For
Information (RFI) or a Request For Proposal (RFP).
But as I
started my full-time job almost one year ago, my managers and coworkers have taught
me the basic skills of how to compose these kinds of documents.
But it is not
just university or junior college graduates in Cybersecurity that have issues with
effective communications. Many seasoned professionals
also have a hard time with it as well. For example, in a recent survey that was
conducted by Tines, entitled: “The Voice
Of The SOC”, as many as 18% of the respondents admitted that they have poor communication
skills, and that trying to share their ideas with their co workers was a huge “chore
to do”.
One of the primary
reasons cited for this is that they do not waste time having to distill all of
the technical data they collect and bring it down to a level so that key
stakeholders can understand. In my opinion,
this is a truly pathetic excuse to make.
For example,
how to Pre Sales Engineers convey the technical stuff so that prospects and
existing customers can understand the solution that they are proposing? The entire report can be downloaded at this
link below:
http://cyberresources.solutions/blogs/Tines_Report.pdf
So, what can
be done to alleviate this serious issue?
Well, when it comes to existing workforce, a number of solutions are proposed,
some of them which are:
1)
Deploy
Automation:
The
thinking here is that if the more mundane tasks are automated, that will leave
time for the worker to actually focus on communicating something that makes
sense to anybody. A prime example of
this is Penetration Testing. There are
many tasks that are involved here, and ultimately, a final report has to be
prepared for the client to a level that they can understand. By automating more of these routing tasks, which
will leave the Penetration Tester to actually compile the document so that it
is easy for the client to go through and review.
It
is also believed that if more business processes were to be automated, the siloes
which exists between the departments will be broken down as well. This is especially important for the IT Department.
2)
Prompt
Engineering:
Whether
you like it or not, ChatGPT is going to be around for a long time to come. Many individuals and organizations use it now
to get answers to questions or to get new ideas onto something. But remember that with AI, the key is that it
is all “Garbage In and Garbage Out”.
This simply means that the answers you are going to get from ChatGPT are
only as good as the data that is fed into it.
But keep in mind that with this platform, it does not simply give you a
list of links to go through to find the answer to your questions. Rather, it tries to give you a very specific
answer to your questions. Therefore, you
need to feed into ChatGPT an exact query, using the right keywords. This is technically known as “Prompt Engineering”,
and by learning how to do this, it is also another great way for the Cyber professional
to hone in on their communication skills.
In fact, according to one researcher at MIT, learning Prompt Engineering
is the top AI skill that you can have.
More details on this can be seen at the link below:
https://www.cnbc.com/2023/09/22/tech-expert-top-ai-skill-to-know-learn-the-basics-in-two-hours.html
3)
Implement
The Tabletop:
This
is a kind of scenario in which you gather up some employees, and give them a
fictitious security breach that has happened.
From there, you instruct them to analyze the situation, and communicate effectively
what they think happened. This is serves
to great purposes:
*Not
only will it help to enhance communication skills, but it will also help to
bring down the siloes as just described before, as employees from different
departments will be involved in this particular exercise.
*If
your company were to be actually hit by a security breach, one of the first things
you need to do is have the ability to effectively communicate what has happened
to key stakeholders in a way that they can understand it. Doing Tabletop exercises will be of great
importance here as well. After all, it
will be your company’s brand reputation that will be as stake.
My Thoughts
On This:
Having a
great set of communication skills is also very crucial when it comes time to Incident
Response and Disaster Recovery. You don’t
want members of these teams running around trying to figure who said what. Rather, you want them to jump up to the cause, and put out the fires as quickly
as possible.
Technology can
help do this, but up to a certain point.
The other key component is efficiency, human based, communication skills.
No comments:
Post a Comment