Chapter 18. Focus on the What and the Why First—Not the Tool

Christina Morillo

“If All You Have Is a Hammer, Everything Looks like a Nail”

In information security, we tend to focus on tools at the expense of understanding what these tools are there to accomplish. By doing so, we miss a deeper level of understanding and problem solving because we snap to specific technologies without a clear understanding of the challenges we need to solve.

Years ago, being a technology practitioner meant that you were tool agnostic. While you may have had more experience with one technology or platform over another, the most critical part was understanding what problem implementing a piece of software, a new tool, or technology was there to solve. The industry has become focused more on shiny new tools and implementing these new technologies before identifying problems, business impact, and requirements.

As an information security professional, be intentional about understanding the problem, current processes, and potential impact before purchasing or implementing any new technology/tooling. Deploying the latest and greatest SaaS tool will not solve your organization’s core issues. Look beyond.

Understanding the Problem

InfoSec teams are highly reactive—for a good reason—but this can also be detrimental to a team’s growth. Many InfoSec teams will rush to purchase a best-of-breed tool: for example, Team Blue will rush to acquire an incident response tool, but it lacks a formal incident response process and an understanding of current state flows. Instead of understanding the problem first, teams jump to purchase and implement more technical debt and systems that sit unused for six months. Before you engage any tool vendor for a POC (proof of concept), be proactive and clarify the exact problems you are looking to solve internally. Doing so will require you to converse with stakeholders across the company and solicit feedback. Then, document these requirements along with any organizational expectations, challenges, or possible limitations.

Understanding Current Processes

During your first month at an organization, do you start deploying tools and systems? Probably not, because you still have limited visibility into challenges and opportunities. I cannot emphasize enough how important it is to focus on the what and the why. Taking this approach will allow you to become proficient in problem solving first and platforms, systems, and tools as a fast follow. Even if you are skilled in specific tooling, every company operates differently, and one size does not fit all. Take the time to understand short- and long-term needs because your choice of tool may not be what the company needs.

You Cannot Solve for What You Do Not Understand

Information security is not about the tools, systems, or platforms. It is about mitigating risks and protecting the confidentiality, integrity, and availability of an organization. The tools should help you accomplish that end goal but only once you truly understand what that is. Your job as an InfoSec practitioner is to understand these gaps and challenges.

Focus on the WHAT and the WHY before you jump to deploy yet another tool or service that will ultimately cause more issues.
