Cyber Teams
KimCrawley,
Jun 14
2021
Your business needs defensive security specialists. Cyber defense is a component of many IT roles, from the Security Operations Center (SOC), to network administrators, to systems administrators, to threat analysts, to digital forensics and incident response (DFIR).
Here at Hack The Box, we’re known for our hands-on, fully interactive hacker training programs. Over half a million people are benefiting from our gamified cyber training platform. We have cybersecurity training programs specifically designed for business, so companies can train their employees in cyber offensive skills, preparing them for the ever evolving cyber threat landscape.
It makes sense that your red team and your penetration testers can learn a lot from our Dedicated Labs, Professional Labs, HTB Academy, and Business CTFs. But not everyone knows how important offensive cybersecurity skills are to defensive security specialists (such as (SOC analysts) too.
It’s the responsibility of your cyber defense to patch and mitigate vulnerabilities in your network. They need to make sure that operating systems and applications are configured and deployed securely. They need to watch your network for potential cyber threats. If you think about it, one of the best ways to prepare for cyber threats is to understand why they exist in the first place.
Hack The Box’s business cybersecurity training programs will show your defensive security professionals exactly how a cyber attacker thinks. You can get inside a cyber attacker’s head by pretending to be a cyber attacker yourself. Our services give your employees the platform they need to experiment with cyber exploitation in a safe and educational environment.
Daniel Miessler is an expert on security testing and how different areas of cybersecurity are relevant to each other. His website is full of great content about both offensive and defensive security. Because he’s great at thinking both offensively and defensively, I asked him for his views about why defensive security professionals need hacking skills.
Crowgirl: What are some ways that learning pentesting skills can help someone who works in incident response?
Daniel Miessler: At the mid to senior levels of incident response, the game isn't so much about finding X signature or Y IOC (indication of compromise). It's more about looking for patterns of behavior in attackers.
Just like any adversarial contest, each side is at an extreme disadvantage if they cannot imagine themselves in their opponent's position in an attempt to understand their goals, motivations, tools, techniques, and so on, so as to better anticipate their next actions.
This is why offensive skills are so crucial for defensive players.
It's not so much about offense or defense. It's more about seeing the game from the position of your opponent.
So just as red teamers would benefit greatly from spending time on a blue team, blue teamers should absolutely learn the offensive side.
It provides a perspective that magnifies the value of all the other signals seen during incident response.
Crowgirl: Are there some defensive roles that benefit from a hacker mindset more than others?
Miessler: I would say any role above entry-level benefits greatly. There isn't that much value at the Tier One analyst level, but above that it becomes increasingly beneficial. So Tier Two and Three, SOC analyst, SOC manager, etc.
Crowgirl: Do you think eventually people who only have defensive skills will be at a disadvantage in the job market?
Miessler: I think they already do, but yes, I think that disadvantage will grow as automation gets better at lower tier tasks. In other words, if automation/AI starts encroaching on Tier One analyst work, then most people will need to be Tier Two and above, which is where the offensive mindset matters more.
David “0xdf” Forsythe is a Training Lab Architect at Hack The Box. He applies his expertise to create hacking training content that can make sure your employees think like a cyber attacker to improve your organization’s cybersecurity.
0xdf: I spent much of my career on the defensive side, but got into HTB as a hobby. I was regularly smarter in my blue team role when dealing with various threats because I had done those things myself already in the HTB labs. I know how they worked and had more insights into how to stop them.
When you perform some exploit or technique, you have the opportunity to learn so much about how it works, what it actually gains you, and what makes it break. As a blue defensive practitioner, I could put that into practice in so many different ways. Sometimes it was knowing how to stop an exploit from working or where to look in logs for evidence of that attack. Other times it was knowing the limits of an exploit, so helping to prioritize that for the organization.
Well-rounded cybersecurity professionals are the best cyber defense any organization can possibly have. Think like an attacker so you can stop them in their tracks.
Seasoned blue teams and cyber defense specialists have a better understanding of why cyber attacks happen, with a variety of hacking skills. They know how networks are penetrated. They understand privilege escalation, software vulnerabilities, and the latest exploitation techniques.
Hack The Box’s cybersecurity education programs for business are constantly updated with fresh new content that reflects how cyberwarfare and cybercriminal groups evolve their tactics over time.
It’s tough to create employee cyber education programs from scratch. Some of the most successful companies in the world, from Electronic Arts to Siemens, trust Hack The Box to make sure their cybersecurity professionals are ready for whatever the cyber threat landscape throws at them. Our adversarial training labs and cybersecurity courses in HTB Academy are fully interactive and gamified. So your employees will have fun while putting their cyber skills to the test.
Your business will see the greatest benefit from training both your offensive and defensive security specialists.