Security professionals are a busy bunch. Thanks to sophisticated threats, limited resources, product complexities, compliance demands and business objectives, you already are being pulled in what probably feels like a thousand directions - and that's on a good day.
Your job may never slow down. But when confronting these challenges, you can implement clever solutions that will help boost your time management, efficiency and performance to get things done. Much of the advice out there for improving productivity is repeated over and over (arriving at the office early, limiting meetings, taking regular "fresh air" breaks) - but much less available are suggestions specific to security careers.
Here are nine actionable "hacks" that will help you pick up your game and optimize your infosec routine, all while sharpening both your hard and soft skills in the process.
Many resources exist to help security pros be more productive. Here is just a sampling of the options our security researchers like: Trello, Slack and XMind for collaboration and communication; Evernote for note-taking and archiving; and Pocket for managing online reading lists. For task management, give Todoist a try, or for something more specific to security, Chef is cloud automation software used to manage infrastructure. If you're yearning for that old-school feel, books ranking high on our list include The One Minute Manager, Getting Things Done and Eat That Frog.
Outsource resource-consuming work
One simple way to improve your productivity and get your group back to concentrating on revenue-generating projects is by offloading your security burden to a specialist. Managed security services providers serve as trusted partners that help amplify protection in areas where your on-premises capabilities may be lacking.
Threat feeds and lists
Staying apprised of the latest threats, vulnerabilities, exploits and countermeasures is critical to your job. Thankfully there are a number of quick-glance feeds you can use to do just that, as well as digitally interact with peers in your field. We're big fans of Reddit's NetSec hub, the SANS Internet Storm Center Diary and SecLists.org's Bugtraq and Full Disclosure mailing lists.
Data breach repositories
DataLossDB and the Privacy Rights Clearinghouse catalog the latest breaches and the number of records exposed. (Spoiler alert: The list runs long). By tracking data breach incidents, you can arm yourself with additional decision-making information. For example, if you work in a particular industry and notice an uptick in breaches affecting certain types of businesses like your own, this may prompt you to more closely inspect your network for compromise.
Numbers motivate people to act and can have a dramatic impact on the success of your campaigns. As a security pro, you need to effectively connect and communicate with stakeholders across all departments, from the rank-and-file (to incentivize them to practice safer computing) up to board-level executives (to convince them to give you budget). Minimize your time spent researching for relevant facts and figures by using our convenient Security Stats hub.
Aside from reducing server costs and limiting server spawl, virtualization is a technology that also can help you more efficiently and effortlessly respond to threats. The technology lets you to set up "known good environments" that you can snapshot - and revert back to at any time. This can be useful for security pros to test their threat-fighting techniques against, as well to analyze malware, since you can easily undo any changes that were made to the environment without having to start from scratch and rebuild the environment every time. Virtualization can introduce risks as well, so it's important for pros to take steps like keeping VMs segregated from the rest of the network and hardening the host OS on which the hypervisor sits.
If the cool kids are doing it, you should be too. From the secure development lifecycle to quality assurance, coding is an important part of the cybersecurity discipline. Having an understanding of how programming works can also lead to increased productivity in other parts of your job, including threat detection and incident response. Among the most popular learning options is Codecademy, which offers free online tutorials.
According to the 2015 Trustwave Global Security Report, 42 percent of our breach investigations were of e-commerce websites. Organizations must implement technology that can protect this popular vector. One option is ModSecurity, an open-source firewall for real-time monitoring, logging and access control that is the most widely deployed in the world.
So far we've touched on some fairly cutting-edge tips in this list. But let's go back to basics - or your childhood - with the security version of the Rubik's cube. You remember playing with this 3-D logic game and puzzle? Well, then you'll love the "McCumber cube", a framework for evaluating your information security practices. The cube is meant to remind you that your desired data security goals (confidentiality, integrity and availability), the states of that data (at rest, in transit and processing), and the countermeasures you use (people, process and technology) all interrelate.
Got any other productivity hacks that work for you? Email the author, and we'll consider adding them to the list.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.