Cybersecurity is best approached holistically—by combining human, physical, and technical efforts together to mitigate threats. But how exactly does the human element play a role? To grasp just how humans and psychology are central to the cybersecurity industry, we spoke to our very own Security Operations Center Analyst, Trystan Orr.
Q: How did you first become interested in cybersecurity?
A: I’ve been interested in technology since I was very young—I was introduced to computers and video games early. But there was no particular turning point that got me into cybersecurity; it was more of a slow realization. I took a couple of coding courses in high school and really liked them. Then, in college, I took a security class and received my Security+ certification. I really enjoyed just how pervasive security is: in anything you do, you have to consider security.
“At the same time, I started to notice a strong correlation between psychology and security. It’s about the way humans interact with the technology, and that’s why cybersecurity hit a note with me. Humans can be your greatest risk- and your greatest strength.”
Q: How do you apply your understanding of psychology to your job as a security analyst?
A: One of the key parts of my job as an analyst is thinking of the business need that accompanies security initiatives. For example, when a security alert is triggered, you have to think about the people behind the screens that triggered the alert. This is where psychology comes in. Once you have an understanding of who they are and what they’re doing in their day-to-day, you can respond to the alert. You don’t want to suggest something that slows down the business, or stops the user from doing what they need to do.
Understanding the user, the human, allows us to offer these custom solutions.
Q: Looking ahead a few years, what do you predict will be the next big change in the industry?
A: Awareness. I think people are becoming more aware of security, which is exciting to see. For instance, users are becoming more aware of phishing and the importance of reporting potential phishing emails.
“I think part of this increased awareness is a shift from thinking of cybersecurity as a purely technological problem, to a human problem as well. Users are starting to see the role they play in cybersecurity.”
Q: What do you see as the value of encouraging women to enter the industry?
A: I think including more women in the industry brings different viewpoints that are valuable in discussion and problem-solving. It’s becoming much more apparent that you have to have different people and different personalities to be effective. If you have a different viewpoint, you also have different experiences backing up that viewpoint.
This is especially important in security; you have to be able to have open discussions about how certain security measures affect the user’s risk and productivity. The goal is to understand what’s best for the user in order to offer the best solution. This is best achieved when a variety of different viewpoints are brought to the table.
Q: What advice do you have for anyone interested in entering the cybersecurity industry?
A: When I first started in the industry as an intern, I didn’t have a security background. I understood what was going on, but there was a lot I didn’t know. I realized that you must be completely unafraid to ask questions—before you start a new job or internship, and then throughout the entire time you’re there.
There’s a lot you can learn on your own too. If you are even a little interested, you don’t have to pay loads of money to learn more about the industry. Always be motivated and open to new ways you can learn.