The concept of “Ops” teams has evolved over time, starting with DevOps, then moving to SecOps, and finally to DevSecOps. In a recent podcast episode on Naked Security, Paul Ducklin interviews Matt Holdcroft, a cybersecurity expert at Sophos, about the importance of getting these teams to work together and prioritize cybersecurity.
Holdcroft’s journey in the field of cybersecurity began in the early days of Sophos, where he worked as a Lotus Notes Admin and Developer. Back then, security was relatively simple because computers were physically connected to the network, and there were clear rules about access and usage. However, with the rise of cloud computing and remote work, the dynamics have changed significantly.
Today, being connected to the network is essential for a computer to fulfill its purpose and receive updates. However, this also exposes it to various cybersecurity risks. It’s a Catch-22 situation where going online is both necessary and risky. The concept of Bring Your Own Device (BYOD) would not have been feasible in the past, but now it is a common practice.
Holdcroft shares his three top tips for cybersecurity operators in the current landscape. First and foremost, patching is crucial. Regularly updating software and systems helps prevent vulnerabilities from being exploited. The longer patching is delayed, the more likely it is for a breaking change to occur.
The second tip is monitoring. It is essential to have a comprehensive understanding of the entire IT infrastructure and what is running on each machine. This includes knowing the software versions, installed patches, and potential vulnerabilities. Software Bill of Materials (SBOMs) can be helpful in this regard.
Lastly, Holdcroft emphasizes the importance of training and education. Cybersecurity operators need to stay up to date with the latest threats and best practices. They should continuously improve their knowledge and skills to effectively protect the organization’s systems and data.
In conclusion, the evolution of Ops teams highlights the increasing importance of cybersecurity in today’s interconnected world. DevSecOps brings together development, security, and operations to ensure cybersecurity correctness is a guiding principle. By prioritizing patching, monitoring, and continuous education, cybersecurity operators can effectively mitigate risks and protect their organizations.