"The skill sets are less about operationalising firewalls or reporting. You need to have knowledge of hardcore investigations, and the ability to do that across infrastructures." Investigations will focus on a range of questions covering different types of data -- unstructured, structured and historical.
"Show me suspicious traffic that looks like command and control traffic, show me odd transactions and if you do, tell me about the systems processing these transactions. Tell me about the traffic going in and out of it: is it going to places it doesn't normally go? Is it sending weird traffic patterns between that and some external locations?
"Tell me about the people in those servers, about the setup of the servers. Did someone mess with the configuration recently? Tell me about the end points that are connecting to them, is there something odd about the applications they are running outside those endpoints? Tell me about all the other places where I see that behaviour." "What I have just described is a big data analytics project," he says.
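Two of the questions above, "is it going to places it doesn't normally go?" and "is it sending weird traffic patterns to external locations?", can be turned into concrete checks over flow records. The code below is an added example written for this page, not anything from Corn or the publication: it takes a per-host baseline of known destinations plus a batch of constructed flow tuples (timestamp, source host, destination, bytes), reports destinations absent from the baseline, and flags source/destination pairs whose inter-arrival intervals are nearly constant, the simplest signature of a beaconing implant. The baseline, the flow records, the addresses and the thresholds (`min_events`, `max_cv`) are all assumptions chosen for illustration.

```python
"""New-destination and beaconing checks over constructed flow records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: destinations each host was seen talking to in an earlier window.
BASELINE_DESTS = {
    "web01": {"10.0.0.5", "10.0.0.9"},
    "hr07": {"10.0.0.5", "93.184.216.34"},
}

# Constructed flows: (epoch seconds, source host, destination, bytes out).
# hr07 contacts an address not in its baseline exactly every 60 s (beacon shape);
# web01 contacts its usual database at irregular 7-14 s intervals (normal chatter).
_JITTER = [0, 3, 1, 4, 2, 0, 4, 1, 3, 2, 0, 4]
FLOWS = (
    [(1000 + 60 * i, "hr07", "198.51.100.7", 812) for i in range(12)]
    + [(1000 + 10 * i + j, "web01", "10.0.0.5", 4000) for i, j in enumerate(_JITTER)]
    + [(1005, "web01", "10.0.0.9", 120), (1300, "hr07", "10.0.0.5", 300)]
)


def new_destinations(baseline, flows):
    """Return {host: sorted destinations that do not appear in the host's baseline}."""
    unseen = defaultdict(set)
    for _, src, dst, _ in flows:
        if dst not in baseline.get(src, set()):
            unseen[src].add(dst)
    return {host: sorted(dests) for host, dests in unseen.items()}


def beacon_candidates(flows, min_events=8, max_cv=0.1):
    """Flag (src, dst) pairs whose gaps between contacts are nearly constant.

    The coefficient of variation (stdev / mean) of the inter-arrival gaps is low for
    a fixed-period beacon and high for human or application-driven traffic.
    """
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)

    flagged = {}
    for pair, ts in times.items():
        if len(ts) < min_events:          # too few contacts to judge periodicity
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = {"events": len(ts), "mean_gap": avg, "cv": round(cv, 3)}
    return flagged


def triage(baseline, flows):
    """Pairs that are both new for the host and periodic: the first things to look at."""
    new = new_destinations(baseline, flows)
    beacons = beacon_candidates(flows)
    return sorted(pair for pair in beacons if pair[1] in new.get(pair[0], []))


if __name__ == "__main__":
    print("new destinations:", new_destinations(BASELINE_DESTS, FLOWS))
    print("beacon candidates:", beacon_candidates(FLOWS))
    print("triage:", triage(BASELINE_DESTS, FLOWS))
```

The periodicity check is deliberately naive: an implant that adds random sleep jitter raises the coefficient of variation above the threshold, so in practice the same question is also asked with histogram or autocorrelation tests, and the "new destination" check is only as good as the baseline window it is built from.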
The nature of the security investigations required is going to drive big changes in technology and in skill sets, says Corn. Some of those changes can be addressed by in-house training, some by security services, and some by increasingly automating higher-order functions.