CSC's screening of potential white-hat security employees is so intimidating that 80 per cent of potential applicants never make it past the first stage, global portfolio executive for cyber security Gordon Archibald has revealed as the company cuts the ribbon on a brand-new Sydney security operations centre (SOC) that is the firm's fifth such site worldwide.
As part of the process, applicants to CSC's Strike Force team are given a week to see how far they can infiltrate a self-contained technology environment. Only 1 in 5 bothers to come back, Archibald said, noting that the process rapidly helps weed out those who lack the skills white-hat hackers require.
“There are a lot of great people who understand how to use tools but don't really understand cyber,” he explained. “We want people who understand databases, applications, networks, and how to bypass security controls to provide that better level of assurance to clients. About 80% of our applicants fail to even have a go.”
The Strike Force team is part of a 2000-strong global security practice that received its fifth member with the opening of the dedicated SOC in Sydney's Macquarie Park, next door to the well-known outsourcer's Australian headquarters.
A massive investment in HP's ArcSight security information and event management (SIEM) technology supports the practice, which operates in concert with identical facilities in the US, UK, Malaysia and India to support customers and collect large quantities of threat-intelligence information.
This networked, collaborative approach to IT security has become a requirement in today's world, Archibald explained, noting that the changing threat had made the older ways of enforcing security obsolete. “What we identified probably three years ago is that the old way of doing security no longer works,” he said.
“The days of bolting on technology and generating lots of information where you could have separate IDS, data loss prevention and other teams all in isolation of each other, are over. We wanted to make sure that we implemented a global security framework that would let us share information and get better visibility into what's happening in the wild.”
The ArcSight investment – which Archibald said makes CSC the biggest user of HP's popular tool in the world – took over a year and a half to bed down, combined with proprietary development that has helped the company offer an integrated IT security defence that is aligned with core business metrics.
“We've implemented regular updates of key security controls into centralised dashboards,” Archibald said. “We can see if clients have hardened their security policies, applied critical and major patches, are running the latest antivirus signatures, or are using default passwords. This really lets us get the core security signs right, and give assurance to our clients on their full risk and threat profile.”
While it puts a full selection of monitoring and analysis tools at employees' fingertips, getting into the new facility requires the right combination of skills – even for people who aren't trying to wear the white-hat hacker badge.
The need for skilled security staff was a key reason the site was located in Sydney, Archibald said. “We needed to make sure we were based where a resource pool was based,” he explained.
“It has really been a journey around the architecture, integration of controls, threat intelligence, and bringing that into a centralised room and control centre. At the end of the day, clients get transparency and assurance.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.