We’re focused on…
The value of turning in the other direction to find new problems that need to be solved – or new solutions to problems that haven’t been solved.
Why?
Because we interviewed Owais Shaikh (Security Researcher at RedHunt Labs), and he said:
“See what nobody is paying attention to. We often have this insecurity that everything is already being solved by smarter people and that we have nothing to offer. But if you’re zealous enough and read tons of research papers, clone tons of tools from GitHub and play with computers, you’ll eventually find loopholes everywhere – and learn how to either exploit them or fix them.”
And it reminded us of something Terry Gilliam (British Comedian and Filmmaker) said once: that when you see a crowd walking in one direction you should turn around and walk the other way. Because that’s how you’ll stumble across the most interesting stories.
Perhaps sometimes, the same is true in cybersecurity. All the noise and big security stories of the moment distract us from other things that are happening – things that are also important, and worth solving.
Pay attention to every detail
Security researchers are pretty good at not getting too caught up in the big news of the moment. Good researchers are always scanning the environment for vulnerabilities and threats that other people haven’t noticed yet.
Different researchers have their own methods – no two of them work in exactly the same way.
But generally speaking, their methods include:
Comprehensive security assessments using frameworks like the NIST Cybersecurity Framework, to evaluate an organisation’s security posture in a systematic way – and identify vulnerabilities and gaps.
Analysing past breaches and security incidents to understand how and why they happened, and the kinds of threats that an organisation might be particularly vulnerable to; as well as identifying patterns that show where existing security controls weren’t up to the task.
Monitoring user activities and traffic on a network in order to establish patterns and detect any anomalies – because anomalies often point to suspicious behaviour.
Engaging in constant exploration of emerging threats and attack types to stay ahead of the curve; using threat intelligence feeds and industry reports.
Working to engage employees across all departments in an organisation, understand how their work practices might create vulnerabilities, and drive awareness to foster a culture of security.
Whether researchers are working for one particular organisation or looking at the threat landscape more broadly, they take a comprehensive and data-driven approach – but they also put people at the centre of their work. They know that humans are often the weakest link in cybersecurity, and they strive to make that link stronger.
What does ‘turning the other way’ really mean?
All of the above strategies can help a researcher to look beyond the problems that most people are focusing on – and identify new threats, new vulnerabilities, and new solutions.
There will never be a day when every problem in cybersecurity has been solved.
And ‘turning the other way’ might look like…
Acknowledging that everyone in an organisation is concerned about one type of threat, but taking the time to analyse a network for other anomalies and pursue other potential problems instead (or as well as) that well-known threat.
Deciding that enough researchers are already focused on the high-profile threats of the moment, and deciding to dig in and explore other areas of security that might be neglected.
In short: if you want to be an excellent researcher, don’t be swayed by the tide of trends. Be ready to swim against that tide and put yourself in deeper water. Because it’s there that you’ll find something no one else has spotted – and that’s how you can make your mark on the cybersecurity sector.
Read our full interview with Owais Shaikh: How do you build a career as a cybersecurity researcher?
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!