There are a number of paradoxes in cybersecurity. One hacker can sometimes undo the good work of an entire army of cybersecurity specialists. And a cybercriminal only needs to aim well once to cause great damage, while companies need to be 100% alert at all times. All the more reason for CISOs and other professionals to step up their collaboration. This need for collaboration was the message my Tanium colleague Dan Jones delivered during the recent edition of CyberSQUAD in The Hague.

CyberSQUAD is an annual event that brings together young cybersecurity professionals to give this new generation of CISOs, CTOs and CIOs the opportunity to network and make contacts that can advance their careers. The event is an organization of the Connect2Trust, DIVD Academy and JongPvIB foundations. The agenda included lectures, networking opportunities and an evening program with the “Capture the Flag” challenge. The event was attended by students and alumni of the International Cyber ​​​​Security Summer School.

Exponential growth

Dan Jones, cyber security consultant at Tanium, drew on his own experience to outline how the fight against cybercriminals is evolving. When he became responsible for providing defensive cyber operations capabilities at the UK Ministry of Defence (MOD) in 2016, he led a team of 10 people and had one external partner. By the time he joined Tanium in early 2024, the team at MOD had already grown to more than 50 people and he was managing an ecosystem of more than 100 suppliers. His budget had also grown exponentially, but during CyberSQUAD Jones emphasized the number of cybersecurity specialists needed. Another notable development: while in 2016 he was mainly defending the UK and UK operations, over time his scope expanded to include connections with partners, for example through NATO.

“Nobody has attacked just the RAF or the Royal Navy,” Jones said. “They have attacked a system that has many branches and where many people share information with each other. Information that ultimately keeps millions of people safe around the world. Information that is a matter of life and death.” As an individual, you can’t defend all of this information, so a lot of collaboration is required. Within teams, but also with the outside world.

The importance of diversity

On CyberSQUAD, Dan showed a quote from author Simon Sinek: “Greatness comes when the person with wild imagination teams up with the person who knows how to get things done.”For Dan, this quote perfectly illustrates the diversity needed in teams.

“I was fortunate to be able to work with Soldiers on my team, including a Wing Commander who had a vision that I could help implement. Diversity is not just about gender or age, but also about different ways of working. That’s why I built my teams from people who had different viewpoints. I don’t like groupthink. The more diverse people there are on a team, the better the team performs.”

Diversity does not only refer to gender or age, but also to other ways of working.

Dan Jones, cyber security consultant Tanium

That’s why Dan encourages people to come into cybersecurity from other disciplines to gain new insights. And to bring young people into a team who will question everything. To illustrate this, Dan added a quote from British author JB Shaw: “A reasonable man adapts himself to the world; the unreasonable man insists on adapting the world to him.” Therefore, all progress depends on unreasonable men.”

The importance of networking

To grow as a cybersecurity specialist, Dan also believes it is very important to network with other people, as happened at CyberSQUAD, for example. Thanks to the principle of the “Chatham House Rule”, a “safe space” was created there where everyone could express themselves freely. By confronting other people’s ideas, you learn and gain experience. “I never hired people because of their degrees or certificates, but rather because of their experience and willingness to share knowledge. That makes you stronger as a team.”

This knowledge sharing should not only happen within the cybersecurity team, but also outside. That’s where a cultural shift is taking place. Despite all the awareness training, there is still a lot of work to be done. “Everyone blindly signs the contract that says they will never put a USB stick in their PC, but then people plug an old, never-updated Android phone into their laptop to charge the device. No one thinks about the fact that such a phone is a giant, insecure USB stick.”

Lack of visibility

In fact, it is basic things like this that can ruin the entire security system. Not just on an individual level, but the security of the entire network. Research from Tanium shows that 94% of companies have no visibility into up to 20% of their endpoints (PCs, laptops, servers). You can’t protect what you don’t know. “It’s not that complicated. We just need to make sure we see everything,” says Dan Jones. At the same time, he also knows: “We would love to have a configuration management database (CMDB) that we can rely on.”

To get to this point, we first need to have the necessary tools in place, such as converged endpoint management that ensures we see all endpoints. These tools also guarantee that all endpoints are provided with the latest updates and patches. In addition, good collaboration is required, especially between the security and IT operations teams. “They need to work together as one. However, they usually work against each other. Until an incident occurs, they are forced to work together. But once the incident is resolved, the competition starts again.”

Fortunately, a lot of things can be automated these days. “That’s necessary,” says Jones. “The number of threats is increasing, the number of endpoints is increasing, the complexity is constantly increasing. The only thing that is stagnating is the number of cybersecurity specialists.” Worldwide, there would be half a million too few. But thanks to tools like Autonomous Endpoint Management and the joint solution that Tanium and Microsoft have developed around Copilot for Security, a number of basic tasks can be left to the tools.

This is also a form of collaboration: technology needs people to work, but people also need technology to achieve good security. People are the problem, but people are also the solution. Or as Dan Jones put it perfectly: “Cybersecurity is a people problem dressed up in technology.”

This is a post by Wytze Rijkmans, Regional Vice President of Tanium. Learn more about the company’s capabilities here.