Care and Feeding of the SOC’s Most Powerful Tool: Your Brain

It is safe to say that we all have a memory that makes us smile or gives us a good laugh. Or a memory that reminds you of how far you or a friend have come and gone over the years, especially in a profession as complex as cybersecurity.

This memory brings me back to a week-long red team/blue team exercise: a “friendly” defend-the-castle scenario between classmates. By friendly, I mean we set out to obliterate our networks (in good fun, of course). The week started great. Our team had a few easy wins and gained shell access on several target systems (deleting System32 is a great way to annoy your opponents). But as the week went by, things started to fall apart. Everything made sense, and then it didn’t. Data began to blur together, and tasks felt repetitive. Someone threw out an idea, while someone else wanted to argue. There came a point where I caught myself slumped over, staring at my keyboard. Not a single thought could process in my head. Finally, I heard, “Hey, this looks strange.” During this phase of the exercise, hearing that statement was like music to our ears.

Our team seemed to snap out of our daze in unison and huddled around our teammate’s monitor. He explained what he saw, and we reviewed the packet capture together. “How long have you been monitoring this IP address?” one classmate asked. “For a few hours!” he responded. “That’s your IP. You were monitoring you, monitoring them.” The room fell silent for a few moments, then we all laughed (including him).

I think about that memory often. Mind you, this was a knowledgeable person whom I highly respected. But I could see it on his face that he was burned out. This brings up a great lesson to remember in any profession, especially cybersecurity — our minds can do amazing things, but we must be aware of cognitive overload. When our working memory is overloaded, we can no longer process information effectively, we experience decreased performance, we can make detrimental mistakes and judgments, and even the simplest of routine tasks can seem foreign.

For example, I was on a mission where I parsed billions of network events. The amount of information was enough to make my head hurt. It was like trying to find the needle in the haystack. I was reading the information on my screen, but I wasn’t absorbing the content in ways that I usually would. Fields and metadata of each event became indistinct, like looking at the last line of an eye exam chart. My thinking capacity was full, and unlike computers, we cannot add more RAM or plug in an external hard drive to our brains.

Cognitive overload goes even further in that it can affect our emotional well-being. When we are emotionally well, we can produce positive thoughts and adapt to challenging situations. This is imperative when facing the dynamic cybersecurity domain where the stakes are incredibly high. I have had days where I simply felt defeated. My head would fill with negative thoughts that caused even more stress:

Maybe I am not good enough.

I don’t know what I am doing.

I am going to get in trouble.

All these things weren’t true, but they were true to me at the time. I couldn’t sleep at night, and my thoughts followed me to work. The trickle-down effect that stems from cognitive overload is vicious and unrelenting.

Tips for Avoiding Overload

Here are some of the most important things I have learned over the years as a cybersecurity professional about reducing cognitive overload. 

  • Know when to ask for help. Be concise and specific, or you’ll never get the help you need.

  • Speak up for yourself. Voice your opinions about important topics, such as heavy workloads or outdated procedures.

  • Sometimes, looking at tasks with fresh eyes is the best answer. On several occasions, I have found myself seeing what I wanted and not what was in front of me.

  • Try to focus on one task at a time. Wandering thoughts are a natural part of how our brains work and can quickly cause us to draw our attention in different directions.

  • It is hard to see the entire picture when you are standing in it. Take the time to self-reflect and attend to your needs.

Whether in the military or private sector, I have always been surrounded by selfless people. I didn’t understand the significance at the time, but that red team/blue team exercise helped shape the way I work.

That day, my classmate taught me a valuable lesson — that monitoring yourself (pun intended) is essential to a healthy and successful career, and no, I don’t mean using a packet analyzer. When we see ourselves clearly, we have the ability to do great things like accelerating change in our organizations and advancing the cybersecurity profession as a whole.
