Research Shows that the Best Cyber Defense Teams are Antisocial
A new study that involved Army research to find the best cyber security defense team members showed that the best people for the job are antisocial, reconfirming what many people confirmed as the stereotypical programmer as the best person for the job. In March and April 2017, the Mid-Atlantic Collegiate Cyber Defense Competition studied a group of hackers and cyber security analysts to find the best in the industry. The results showed that analysts and defense teams did not need to consult other members of the group, because they were competent enough to find the answers without help from other team members.
Successful Cyber Teams Don’t Need Discussion
It’s a common theme with most organizations. They need someone who acts and makes decisions on the fly, especially when those decisions involve cyber security. People who can make the right decisions quickly are an enterprise’s most valuable asset because a security breach only takes a few minutes to happen. An enterprise needs that person who can identify a cyber security attack and react immediately without much input and without the need to consult other team members before taking the necessary steps to protect from a data breach. This is what happened in the latest Army competition.
The competition had several metrics. The two main ones were performance based on the reaction and solutions of team members. The other was human-focused tasks where team members were required to work with other people to create solutions.
An interesting outcome of the test as outlined from Ars Technica:
“Our results indicate that the leadership dimension and face-to-face interactions are important factors that determine the success of these teams,” the researchers found. But while teams with strong leadership were more successful, “face-to-face interactions emerged as a strong negative predictor of success,” the research team noted.
Just to explain these findings, imagine a team trying to find the solution to a specific IT security problem. In the experiment, it found that teams that had strong leadership were more successful, but success did not come from any person to person interaction. As a matter of fact, person to person interaction had a negative effect on the success of a cyber security defense solution. The test showed that not every team needs human interaction to come up with a successful plan to defend against cyber security attacks in a stressful situation.
Do Cyber Security Experts Need a Team?
In a traditional setting, most managers and HR personnel think that having a group of people in a team interacting and finding solutions is the key to finding fast, efficient answers. IT people are a little different, and it’s evidenced in this experiment.
For people outside of IT, this might come as a surprise, but programmers and security experts often work well without any outside interference. This could be from the need to focus on the problem at hand and constantly find ways to fix the issue. Many programmers need silence without interruption to find solutions. This can also be said of cyber security experts. This experiment brings to light the issue of traditional teams and HR mantra that a team with as much input from other team members is the best human setup a corporation can have. It’s also a common misconception that this is how the best solutions are made, but it’s not the case with IT or programmers.
This experiment shows that it could be best to let your best security people attack a problem solo without too many people, and that forcing interaction can actually be a detriment to the business.
See GateKeeper Enterprise in action
Take a self-guided tour of GateKeeper Enterprise, the proximity-based centralized access control for secure identity and access management.