Security teams are mainly made up of roles related to operations, compliance, and policy. Security engineering teams, on the other hand, are responsible for creating services, automating processes, and streamlining deployments to support the core security team and its stakeholders. These teams are usually composed of software and infrastructure engineers, architects, and product managers. The security engineering team has a different mindset than that of a penetration tester or third-party risk management assessor. For a security engineering team to be successful, it needs to have foundational technical skills, leadership skills, and individualized soft skills. It is important for the team to have the necessary technical skills to deploy services in Kubernetes, for example. Additionally, diversity should be incorporated into the team, as it can bring a variety of perspectives and ideas. However, it is important to be aware of the potential for complex interdependent outputs with linked failure conditions. Security engineering teams should be able to build and operate the services they produce, and they should have the skills to manage infrastructure, CI/CD tooling, security tooling, application code, deployments, and operational telemetry. It is also important for the team to be able to communicate and collaborate with stakeholders outside the group. Furthermore, the team should be able to adapt to changing requirements, technologies, and circumstances, and they should be able to continuously learn new skills, organizational context, policies, and ways of working. All of these skills are necessary for a high-performing security engineering team.
This Cyber News was published on www.csoonline.com. Publication date: Thu, 09 Feb 2023 10:09:02 +0000