In the highly competitive arena of cybersecurity, job hunters are finding it rather difficult to differentiate themselves. But like most other tech jobs, cybersecurity is constantly evolving, with job candidates expected to know about the latest threats and how to combat them—and sometimes HR departments’ expectations are almost impossible to meet.
That said, cybersecurity professionals should look at the duties expected from them through a different lens; in order to succeed in the highly competitive cybersecurity market, they’ll need to look at the science of cybersecurity.
Cybersecurity has become all about data relationships—or more specifically, the relationships between actions and data to develop a baseline of what is acceptable behavior. However, there is a great deal more to securing systems than monitoring the behaviors of applications, users, and services; that troublesome fact is evident in the rise in malicious attacks such as ransomware and phishing.
In light of that, cybersecurity professionals need to approach cybersecurity from a more scientific point of view. For instance, there’s a growing interest in ontology, or more specifically cyber-ontology. At first glance, ontology is a confusing term—the standard definition is “the branch of metaphysics dealing with the nature of being.” In a cybersecurity context, though, ontology can be summed up as “a set of concepts and categories in a subject area or domain that shows their properties and the relations between them.”
Cyber-ontology is not a new science; organizations such as Carnegie Mellon University’s CERT program have been promoting the idea for some time. In August 2012, CERT staffers participated in the First International Workshop on Ontologies and Taxonomies for Security (SecOnt) conference and proposed the idea that the "science of cybersecurity " would require the construction of a common language and a set of basic concepts around which the security community could develop a shared understanding. In other words, an ontology.
While ontologies and taxonomies may have caught on in the world of cybersecurity science, the concepts themselves were rather static. That has led to some cybersecurity vendors being less than enthusiastic about the concept of ontologies. Fatih Orhan, Head of Threat Labs at Comodo, said: “Ontologies are not used in our processes, unfortunately, due to the fact that they are very static and do not allow update on the definition. But the closest to an ontology is the definition of malware family, malware type and especially the signature name we’re constantly creating to detect malware files.”
While Orhan’s view may be applicable to signature-based anti-malware protection, other vendors have embraced the concept of ontologies. Syed Abdur, Director of Products at Brinqa, said: “The study of data ontology provides an alternate, data-focused perspective of technology. By ‘following the data’, professionals can understand how the various heterogenous components of IT and Cybersecurity ecosystems interact to impact each other.”
Abdur added: “This type of data ontology is typically undertaken by Cyber Risk Management programs, as they account for the technical infrastructure within an organization, the supporting cybersecurity tool ecosystem, and the interdependency between the two.”
Perhaps the contrasting views are based upon the actual context of the applicability of ontology in the cybersecurity realm. Brinqa, as a company, is focused on risk management, while Comodo is focused more on protecting endpoints from malware. Still others view the concept of ontologies from a different perspective; Michael Covington, VP of Product, Wandera, said: “As an emerging security focus area, Mobile Threat Defense has benefited from an ontological approach to describing the vulnerabilities and risks that impact mobile-enabled workers and organizations.”
Covington continued: “Within our own company, developing this ontology has, ultimately, led to new product capabilities. Previously, we looked at many threats in isolation. But with a more robust understanding of mobile risk, we're now able to build models that track the development of a threat, from initial vulnerability through exploit and data compromise.”
Regardless of how vendors regard the value of ontologies, one thing is clear: understanding how ontologies impact cyber-operations goes a long way towards bringing science into the cybersecurity realm. Those cybersecurity professionals who can appreciate how ontologies may re-invent how threats are dealt with may bring new insights to the position they are seeking, and set themselves apart from the rest.