The day to day practice of cybersecurity is based around asking questions. How do I secure my applications? How do I protect my data’s integrity? How do I manage storage and access?
We all know the countless challenges of being on the front lines of cybersecurity. The barrage of new threats, the mundanity of being reactive, and the disconnect between security teams and executives.
These problems aren’t new. But they subsist. Stubbornly. Unwavering.
Now to the big question. Why?
I posit it’s because we start off by asking the wrong questions. We tend to think in broad, yet generalized strokes.
For example, “How do reach this compliance standard?” This type of general question leads to general answers.
Why not start with the most basic and focused questions?
“What are the specific use cases I need to address to solve the problems that are unique to securing my organization?”
Think about what’s commonly known as the Socratic Method. In a simplified sense, it’s a cooperative discourse that volleys questions back and forth. The purpose is to refine the thought process and critically examine presupposed ideas. That work builds bridges of knowledge and draws out higher levels of truth and insight.
Data means nothing until you ask it a question.
Within the context of the question, you turn data into knowledge – an applicable use of otherwise disorganized and chaotic facts. Then, applying human ingenuity and creativity, you examine, poke, and prod knowledge. To discover what’s hidden between the surface-level lines.
Transform knowledge into insights.
Insights are those truths that ought to be sitting readily in front of us. Yet they remain elusive for many reasons. Sometimes because of their simplicity.
We overlook the questions we ought to be asking because asking questions of data so far has not been an easy endeavor. Yet insights are the keys that open the locks to the problems we aim to solve. So shouldn’t we be asking the right questions at the right time to get to them?
Better even, what if we could have these questions asked for us? An autonomous security analyst platform to bring questions to us that we would have never thought of? And as in the Socratic Method example, person and machine bounce questions back in forth between each other to get to real levels of insights that solve the answers to our use cases.
Think about every relationship you’ve ever had. How do you get to know someone? It’s through a series of statements and questions you share with each other. Data today is no different. What starts off as a stranger turns into an important relationship.
So a big part of redefining our approach to cybersecurity needs to take into account not just the technology solutions, but a paradigm shift towards questions. One that focuses on knowing the data we need to have, to ask the questions we want to ask, to get the answers we need to have.