Many cybersecurity professionals decide to specialize and focus their efforts on becoming masters of a particular focus area within the larger field. While the world needs these specialists, it also has a substantial need for cybersecurity generalists, or what we’re calling “all-around defenders.”
As SANS Certified Instructors Justin Henderson and Ismael Valenzuela explain it, all-around defenders are cybersecurity professionals who need to know a little bit about everything. “But all-around defenders also have to accept the fact that you’ll never know everything about everything,” Justin explains.
What Makes for A Great All-Around Defender?
To caution, it’s not easy to be an all-around defender. It requires an individual to do many things well, and to understand enough about everything to be able to see the bigger picture. It’s that bigger picture that will enable the all-around defender to balance the need for prevention, visibility, detection, and response across all the technology fields.
And rather than focusing on vendor products, all-around defenders are most interested in the technology, Ismael adds, “understanding a little bit of endpoint, a little bit of network, a little bit of cloud, to see how all these things work together.”
“You have only so much time to invest in training, labs, etc.,” Ismael says. “If you spend all that time learning how a product works, you’re not going to see that bigger picture. Instead, you need to know enough of the technology to know that this is the piece I need to solve the problem.”
Often, all-around defenders are naturally curious – “almost a hobbyist; someone who is not just happy knowing what to do, but how to do it and why,” Justin says. “We’re also often personally invested in the security of the company and tend to view it as our own.”
But it’s not just technical skills that make for a great all-around defender. You also need to be able to communicate effectively with the business side to help line-of-business leaders see the bigger picture as well.
How to Level Up in Becoming an All-Around Defender
Ismael and Justin have launched a three-part webcast series aimed at helping you define what it means to be an all-around defender, as well as how to get hands-on experience by building your personal lab.
In the first part of the series, embedded below, Ismael and Justin share their life journeys to becoming all-around defenders. Parts two and three will cover how to build your own home lab to mirror enterprise-level defenses.
Ismael and Justin are also the co-authors of SEC530: Defensible Security Architecture and Engineering, currently available for registration in our Live Online and OnDemand formats. Demo the course for free here.