The Need for the Cross-Functional Security Analyst
Ok sure that sounds corny but give me a second and hear me out. First of all I am never one for adding more or doing repetitive stuff that is being done as long as it is being done RIGHT. In cyber security one thing time and time again that is NOT being done right is information sharing within the entire organization. No I am not talking about the latest hot trend of Threat Intelligence, although that would be a factor in this. What I am talking about is an established and identified entity with the latitude and resources that's sole purpose is to track, analyze, facilitate collaboration, and respond to information security information across all aspects of the business. Too many times I have witnessed organizations hampered by bureaucracy, siloed operations, or either too broadly, or at times too narrowly focused objectives in the area of dealing properly and holistically with security information that could impact the organization. This is not to say that these organizations are not doing a decent job on gathering various data that could be important to the security, health, and welfare of the organization. However what seems to happen many times is that this information is not accurately and fully assessed across all lines of business and areas of potential impact. It is often pushed into "areas of expertise" within the organization without anyone doing a holistic impact analysis or assessment across the organization as a whole.
In the past we could get away with this. Attacks and threats were focused and ingress and egress routes were more narrowly defined and observable. Today that is no more. With the ubiquitous nature of communications, the "social freedoms" of the digital age employees, the intimate necessity of proper supply chain management, and a entire slew of other challenges a security analyst whose sole focus is on "tying pieces together" across the entire organization is needed. What would this take? Well first a strong management buy-in to establish a new type of security entity that has a broad range of analytical skills and experience. More importantly it would require the organization to relinquish some centralized power and control or at the very least share it with those established to undertake this venture. Lastly latitude, visibility, and participation across all BU's would be of paramount importance in order for this to properly work.
What would the pay off be of something like this? I believe if properly executed it would allow organizations to become much more resilient across the entire spectrum of operations. Issues and threats that could impact multiple areas (HR, Physical, IT, Legal, etc). could be identified beforehand or at a much quicker rate. This would allow for an agility that is needed in the area of a true holistic security operation mindset that is needed today. What are your thoughts?