I love my job! No, I’m not gloating that I've been able to
spend time in the warmth of Florida, knowing its frigid cold back home in
Maine! I seriously love my job. I wonder
how many people in the InfoSec space can say that. An official count tells me
not many!
Every quarter, Red Sky hosts a day-long briefing with our
members. “Threat Day” is central in establishing lasting relationships between
the members. These events, also establishes trust and fosters a sense of
community.
We heard how an incident response team discovered a targeted
attack and their smart, timely actions to thwart it, given a dossier on the cultural
and political motivations of state sponsored ATP, and the creation of new tools
that sifts through big APT indicators quickly and efficiently.
It was a very successful event and we are already looking
forward to the next one!
A side topic of discussion this week was the observation
that communities and information sharing environments are starting to pop up
quickly. These sharing environments are
becoming prevalent because there’s real need to share data and solution
providers have figured out that brand loyalty is as much human connection as it
is providing a solution to a problem.
As the large InfoSec companies monetize the information
sharing concept, I can’t help but think of some of the thoughts Red Sky’s lead analyst
recently shared with me, which I think are spot on. It is his conclusion that sharing communities
fall into two categories – ad hoc or constructed. Each of these community models has their pros
and cons but before submitting your indicators, I ask you to consider the
following.
The ad hoc community is the simplest to establish and are a
result of necessity rather than by choice.
They may be loosely regulated and unstructured and sometimes lacking
finished conclusions but these communities are fast moving, quick to respond,
and provide a diversity of ideas, particularly deep technical evidence. If you’re looking for a quick infusion of
information, this may be the perfect community for you.
The constructed community is one which participation is
purposeful. Generally, membership is by
request or invite only and governed strong bylaws. However, rigid rules and
over governance can inhibit and even discourage sharing of information. On the
upside, constructed communities reduce static, unnecessary and redundant
information. When information is shared, its high fidelity, and you’re less
likely to take a “wait-and-see” approach.
Red Sky is taking what is best from both community models
and bringing them together in a single environment. The strength of our community is equal to the
strength of the relationships and trust between members. This is why we
emphasize the value of our quarterly meetings!
This week’s Threat Day in Tampa is a reaffirmation of this belief. We
work hard to bring smart people together, give them the tools to do their job
efficiently, and provide them a content rich environment to share information,
you can accomplish great things!
In the future, when asked to join a group to share your
information, ask yourself which type of community you’re being asked to join, what do you expect to get in return for
your information, and do you trust those on the receiving end?
If you’re interested in our Threat Day’s or want to join the
conversation, email me directly at rgamache@redskyalliance.org
No comments:
Post a Comment