Educate - Security Pillar


Automated processes enable organizations to spend more time focusing on measures to increase the security of their workloads. Automated incident response also makes humans available to correlate events, practice simulations, devise new response procedures, perform research, develop new skills, and test or build new tools. Despite increased automation, your team, specialists, and responders within a security organization still require continuous education. We encourage you to review and incorporate the following areas when thinking about educating your security teams:

Development Skills: Equipping security professionals with programming skills will accelerate your organization’s automation efforts. This includes not only education in programming languages, such as Python, but also familiarity with source control and version control systems and with CI/CD processes. When developers have this understanding, they’ll increase efficiency and reduce errors when automating.

AWS Services: It’s important for your security team to be proficient with the security services offered by AWS. Understanding how to use cloud native tools will reduce response time and build team confidence. In addition, establish a cadence of education about new services and capabilities in order to continually iterate your capabilities. Just as the threat landscape changes, so do the tools.

Application Awareness: Train your incident response team on the specifics of the workloads and environments that they own. This includes understanding what logs are emitted, what information the logs contain, the traffic flow of the application, and what authentication and authorization mechanisms are in use. This is a critical component, because a deep understanding of your organization’s infrastructure and applications gives you an advantage in protecting them.

The best way to learn is hands-on, by running incident response game days. This allows experts on your team to hone their tools and techniques while teaching others. This is covered in more detail in the Simulate section.

Finally, don’t forget to maintain required education for your entire organization. Security awareness is an important line of defense. Users should be trained to report suspicious behavior to your security team for further investigation.