In today’s connected world, absolutely everyone benefits from an advanced cybersecurity protocol. At the individual level, a cybersecurity attack could result in everything from extortion attempts, financial theft and identity theft to the loss of important personal data, including priceless photos and videos. On a business level, a data breach could effectively threaten critical societal infrastructure, including financial institutions, hospitals and even power plants. Securing these organizations is integral to keeping our society functioning as it should. Cybersecurity is not to be taken lightly, so choosing the people we rely on to keep our networks and computer systems secure is unquestionably one of the most important decisions any business can make. This decision could make or break an organization’s reputation, literally.
Who should you hire?
When faced with the task of securing your organization from cyber threat, the choices can be daunting, particularly for those who lack the experience and information required to make an informed decision.
If we take a step back and consider the opposition itself, black-hat hackers, the decision may become clearer as to how we can narrow down the options.
The Defining Personality Characteristics of a Hacker
At present, the best accepted and most commonly used model of personality in academic psychology is known as the Big-Five Factor Markers. The test itself consists of fifty items that one must rate on how true they are (about you) on a five-point scale.
The five factors of personality are conscientiousness, extraversion, agreeableness, neuroticism and openness to experience.
Black Hat Hacker: Considered cybercriminals; they don’t lose sleep over whether or not something is illegal or morally wrong.
White Hat Hacker: Considered the good guys because they follow the rules when it comes to hacking into systems with permission and obey responsible disclosure laws.
Grey Hat Hacker: May have good intentions, but may not disclose flaws for immediate fixes; they prioritize their own perceptions of right versus wrong despite what the law may or may not say.
Amongst black hat hackers, the personality trait that stands above the rest is their openness to experience. Individuals who score high on this scale often show high intellect and creativity. They like to play with new ideas. The real world is often a bore to these individuals and, as can be expected, many of them end up seeking out new experiences.
In the case of the black-hat hacker, the internet often becomes the perfect outlet for that creativity and adventurousness. The natural curiosity and creativity of black hats, combined with their desire for adventure, often results in them using their skills with detrimental effects, particularly if they feel slighted by societal constructs.
Who do I hire to protect my organization?
Now that the adversary has been identified, the selection process for optimal defense becomes clearer. As creativity and curiosity seem to be the cornerstone of black hat success, these traits should serve in the decision-making process when hiring a cyber security team (also known as penetration testers).
When exploring avenues of creativity, there are generally two main streams of thought: generalists and specialists.
On the one hand, generalists, also known as the “Jacks/Jills of All Trades, Masters of None”, combine insights from fields that seem unrelated to form solutions. They are said to connect the dots where others may not see a link. The best example may be Henry Ford’s idea of the car manufacturing assembly line, which was inspired by Singer sewing machines and meatpacking plants.
However, contrasting studies have found that extensive domain-specific knowledge is a prerequisite for creative functioning. This vector of research suggests that specialists, with their deep understanding of the subject matter, are more adept at spotting and seizing emerging opportunities.
Should I hire a “Jack of All Trades, Master of None” or a “Master of One”?
As is the case with most things in life, it depends.
As it turns out, the pace of the environment determines the optimal mindset for creative performance.
To test the two types of capabilities that improve creative performance, Florenta Teodoridis et al. compared mathematicians working in fields that experienced rapid change with those working in slower-paced environments.
In a slower-evolving environment, specialists are generally 22% less productive than generalists. In a faster-evolving environment, however, specialists are 37% MORE effective than generalists.
In fact, not only do generalists in a fast-paced environment perform worse than specialists in a faster-paced environment, they actually perform worse than generalists in a slower-paced environment.
In other words, generalists appear to be relatively successful just so long as the pace of change is not too quick, but their efficacy decreases as the pace of change of the environment increases. In distinct contrast, specialists appear to perform better when the pace accelerates.
Cybersecurity Threat Landscape
As exemplified by the never-ending media bombardment of data breaches, the pace of the cyber threat landscape expansion does not appear to be slowing down anytime soon. Despite global increases in cyber security spending, there does not appear to be any slowdown in sight. Cyber threats are emerging faster than most organizations, including government agencies, can keep up with. The Canadian Government recognizes that this pace will only increase, thus the evolution of advanced cyber threats is indeed a fast-evolving landscape.
Specialists: Your Organization’s Supreme Defense
In review of the facts at hand, it becomes clear that when looking for the ideal candidate to protect your organization, its assets, clients and its reputation from cyber threat, it’s recommended that you hire the very best the industry has to offer. In this case, a specialist penetration testing firm will always be the most effective option, at least as long as the pace of the changing landscape remains high, which it should continue to be for the foreseeable future.
Our mission to continually stay on top of current threats and vulnerabilities has helped distinguish our testing from our competitors. Oftentimes, firms will try to commoditize security testing by performing automated testing (VA scans) with little benefit to the client. Our methodology only begins with automated testing. Thereafter, our extensive experience allows us to manually uncover high-risk vulnerabilities which are often missed by conventional testing methodologies.
We mandate training and continually learn and adopt new attack techniques for our clients. We are always digging deeper to uncover vulnerabilities that may have been overlooked. Our mission is to maintain the fact that not one of our clients has been breached by a vulnerability we’ve missed; we take this very seriously.