Research Shows that the Best Cyber Defense Teams are Antisocial
A new study that involved Army research to find the best cyber security defense team members showed that the best people for the job are antisocial, reconfirming what many people confirmed as the stereotypical programmer as the best person for the job. In March and April 2017, the Mid-Atlantic Collegiate Cyber Defense Competition studied a group of hackers and cyber security analysts to find the best in the industry. The results showed that analysts and defense teams did not need to consult other members of the group. This is because they were competent enough to find the answers without help from other team members.
Successful Cyber Teams Don’t Need Discussion
It’s a common theme with most organizations. They need someone who acts and makes decisions on the fly, especially when those decisions involve cyber security. People who can make the right decisions quickly are an enterprise’s most valuable asset. This is because a security breach only takes a few minutes to happen. An enterprise needs that person who can identify a cyber security attack and react immediately without much input. This is what happened in the latest Army competition. Reaction times matter.
The competition had several metrics. The two main ones were performance based on the reaction and solutions of team members. The other was human-focused tasks where team members were required to work with other people to create solutions.
An interesting outcome of the test as outlined from Ars Technica:
“Our results indicate that the leadership dimension and face-to-face interactions are important factors that determine the success of these teams,” the researchers found. But while teams with strong leadership were more successful, “face-to-face interactions emerged as a strong negative predictor of success,” the research team noted.
Just to explain these findings, imagine a team trying to find the solution to a specific IT security problem. In the experiment, it found that teams that had strong leadership were more successful. But success did not come from any person to person interaction. In fact, person to person interaction had a negative effect on the success of a cyber security defense solution. The test showed that not every team needs human interaction to come up with a successful cybersecurity defense/reaction plan. To defend against cyber security attacks in a stressful situation may be best done by smaller teams.
Do Cyber Security Experts Need a Team?
In a traditional setting, most managers and HR personnel think that having a group of people in a team interacting and finding solutions is the key to finding fast, efficient answers. IT people are a little different. The experiment showed this.
For people outside of IT, this might come as a surprise, but programmers and security experts often work well without any outside interference. This might be because of the need to constantly focus on the problem at hand to find ways to fix the issue. Many programmers need silence without interruption to find solutions. This can also be said of cyber security experts. This experiment brings to light the issue of traditional teams and HR mantra that a team with as much input from other team members is the best human setup a corporation can have. It’s also a common misconception that this is how the best solutions are made. But it’s not the case with IT or programmers.
This experiment shows that it could be best to let your best security people attack a problem solo without too many people. Forcing interaction can actually be a detriment to the business. Everyone has a different personality. Best to let people do what they do best.
See GateKeeper proximity access control in action.
Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.