Tuesday, April 29, 2014

Let's Talk Analyst to Analyst

Recently, I was contacted “analyst to analyst” by an employee in the professional services area of a large security vendor looking for some inspiration and guidance. I won’t name the vendor, but it is one whose offerings haven’t exactly wowed me during the course of my career. We engaged in an informative and interesting email dialogue -- analyst to analyst, where we learned from each other. To some, this may seem a bit risque on the part of the professional services employee. In my experience, I’ve found that analysts from large security vendors actually approach me for dialogue, advice, or to share thoughts regularly.

Throughout my career, I have found that analysts as a group want to move forward, make progress, solve problems, and improve the state of information security. This requires a collaborative environment and thinking outside the box. Whether or not analysts find a creative, thought provoking, boundary-pushing environment within their own organizations, they will also seek it externally via direct analyst to analyst contact with their peers, discussion forums, conferences, and informal meetups. Analysts are an inquisitive and helpful bunch by nature -- always more than willing to understand a challenge someone else is facing and help that person work through it. After all, if we can help to make another organization more secure, we all win.

Informal analyst to analyst channels also accomplish things people aren’t often aware of. For example, almost everyone in the security community is aware that information sharing is an important undertaking -- one that is critical to a successful security operations program. Unfortunately, there are various organizational, bureaucratic, and other factors that can hinder timely information sharing. To work around this, analysts typically set up informal circles of trust in which they feel comfortable sharing non-attributable information, in accordance with the policies of the organizations they represent. These informal channels serve as a means to meet the operational demands of the mission while organizations work through the strategic endeavor of setting up formal information sharing channels.

Let’s continue to talk analyst to analyst. It’s a good thing.

No comments:

Post a Comment