Faster decision making in cybersecurity—whether in day-to-day operations or when under cyberattack—can mean the difference between a massive ransomware payout and, well, nothing.
“Faster is indeed better,” said Nicole Malachowski, retired Colonel in the U.S. Air Force. “It’s what I call the Mach 2 mindset.”
That’s like protecting your company’s IT infrastructure from cyberthreats as fast as a plane flying from New York to Los Angeles in just an hour and a half—about twice the speed of sound at more than 1,500 miles per hour.
Retired Col. Malachowski shared her perspective in a keynote address during VMware Security Connect 2021. Speaking to security professionals, she described why speed is critical to success, whether flying missions or defending networks. Among other advantages, speed yields more options, she explained.
And after a pandemic year in which chaos and unexpected change had InfoSec teams on alert, Malachowski suggested that a Mach 2 mindset could be just what security practitioners needed to counter emerging threats.
“There's no doubt, within the cybersecurity field, things have changed this year. The whole world has gone online and become more dependent on you,” Malachowski told attendees. “And with that shift to online, your adversaries have also increased their threats … Speed gives you options. The faster you are in your processes, procedures and practices, the more you can outthink, outrun and outmaneuver the enemy.”
More Speed, More Impact
Not every year is as life changing as the last. And not every day brings with it a crippling cyberattack. Still, regardless of the current threat environment, Malachowski said, “Speed is life.”
Capitalizing on speed to enable faster decision making in cybersecurity requires different competencies depending on the environment. Malachowski divided the environments in which professionals were likely to find themselves into three categories:
- A chaotic environment, marked by air combat or an all-out cyberattack.
- A controlled environment, such as during training or daily operations.
- An unexpected environment, which can cause a 180-degree pivot.
In all three environments, it’s important to understand the capabilities at one’s disposal—all the technology resources and solutions—that can be brought to bear instantaneously to defend the enterprise infrastructure.
“The faster you go, the more you can impact exactly how your technology is used,” said Malachowski. “And when you have speed, you force the adversary—or even your competition—to use their limited time, talent and treasure first. Speed is indeed life.”
The Chaotic Environment: Clear Division of Duties
There are three things that allow teams to make decisions at top speed: a clear division of duties, shared accountability and concise communications.
Everyone needs to know their roles and that their partners are executing theirs exactly. “By making sure we have that clear division of duties, we’re able to speed up our execution safely and precisely,” said Malachowski.
Cybersecurity teams also need to understand how they’re interconnected and co-dependent. “Yes, it was me, the pilot, who would push the button to deliver that weapon. But it was all of us taking accountability for where that weapon landed, and how impactful and effective it was,” said Malachowski. When there’s no question about accountability—because it’s shared by design, practice or process—teams make decisions faster under chaotic conditions.
And when chaos reigns, cooler heads must prevail to maximize speed. Clear communication instills calm and confidence, said Malachowski. When she would train new pilots, she would insist they learn to sound cool on the radio, regardless of what chaos might be going on around them. “Is what I'm about to say or do going to instill calm and confidence or is it going to add to the chaos?” she’s suggested they ask themselves.
The Controlled Environment: Discipline, Focus, Teamwork
Remember pre-pandemic days, when things were less chaotic? Looking forward to getting back to “as normal as” cybersecurity looks today?
Controlled environments are where discipline begets faster decision making—the discipline to fall back on foundational skills, professional standards, best practices and procedures, industry-accepted certifications and more. When the environment is more controlled, muscle memory is the key to speed, said Malachowski, enabled by practice and repetition.
Controlled environments also present an opportunity for team members to build trust by becoming experts in their respective subject matter and to plan for contingencies. Malachowski described asking young lieutenants in her command when they thought they’d make the decision to eject from a fighter jet. She’d get various answers (running out of fuel, striking a flock of birds, etc.), but would emphasize, “You make the decision to eject before you ever take off.”
In cybersecurity, planning for contingencies in advance, when things are under control, allows teams to react quickly when chaos—or the unexpected—arises.
The Unexpected Environment: Slowing Down to Speed Up
Finally, there’s chaos—when the cyberthreats that an organization prepares for come to pass. And then there’s the unexpected, which they didn’t necessarily see coming but knew their preparation would help address.
When the unexpected happens, it’s still important to be fast. But teams may need to slow down briefly before they can attack their adversaries with speed.
In the Air Force, Malachowski said this meant achieving “corner velocity”—an instantaneous shift in performance that allows a jet to make the quickest turn in the shortest amount of time. And like contingency planning, corner velocity is determined before it’s needed. Depending on various factors, a fighter pilot knows her mission’s corner velocity before the plane takes off.
“What does corner velocity look like for you and your team?” Malachowski asked attendees. “What resources, skills and people are necessary to instantaneously shift to corner velocity so you can set a new course and re-accelerate in an efficient manner?”
Under any circumstance, when it comes to faster decision making and bringing speed to bear on adversaries, “Don’t let technology fly you,” said Malachowski. Always think ahead of the technology at hand. Because the last thing a team wants—whether flying fighter jets or protect IT assets—is to get slow.
“You can't get behind because it's going to be a very inefficient use of your limited time, talent and treasure to get back up to the speed you need to engage your adversary,” said Malachowski. “The faster you go, the faster you go faster.”
Listen to the whole keynote on demand at VMware Security Connect 2021.