When his Airbus A320 hit a flock of birds over New York and lost both engines, Captain ‘Sully’ Sullenberger immediately grasped the gravity of the situation. “This isn’t happening to me. This doesn’t happen to me, ” he recalls thinking. That reaction is universal during disasters, whether in cybersecurity or aviation. Unfortunately, it comes far more often for cybersecurity operators.
Cybersecurity Breach or Airplane Crash: Which Is More Common?
The answer, of course, is that airplanes (despite many people’s fears) are very safe, while catastrophic breaches occur with mundane frequency. There are many contributing reasons for this, but it largely comes down to rigorous, consistent testing policies. Extensive data is collected and scrutinized during flights, in pre-flight checks, and especially after disasters. The observations gained in this manner have led to incremental safety improvements culminating in today’s safety standards. For example, the investigation that followed Flight 1549’s landing in the Hudson River led to many improvements in how commercial pilots operate.
Proficiency in Operation
The tolerance for failure is also practically nonexistent in aviation. This isn’t too surprising considering the lives of passengers and crew that are at stake, underscoring the importance of proficiency in aviation. According to one flight instructor, proficiency means that you can be successful at landing 100% of the time. If the announcer at a boarding gate announced that the pilot of that flight was successful at landing 98% of the time, few passengers would choose to board the plane.
In cybersecurity, by contrast, some commentators say that there is no such thing as security, but only degrees of insecurity. While that might be true, it leads to an unnecessarily defeatist attitude. While we might never achieve 100% security, it is still a target worth aiming for and worth striving for in increments.
The Importance of the Operator
Captain Sullenberger said that he couldn’t have hoped for a better co-pilot on the day of Flight 1549’s crash. Together, Sully and First Officer Jeff Skiles were able to complete the processes and procedures required of them not only because of their preparation and knowledge of the resources at their disposal, but also the character they showed in the face of adversity.
As employers look to fill the estimated 500,000 open positions in cybersecurity, it’s important to look at character in addition to certifications and experience. In Forrester’s recently released research on the Cybersecurity Analyst’s role profile, Analyst Allie Mellen found that despite being considered an ‘entry-level’ position, the Security Analyst position has requirements much closer to an intermediate one. The research also guides recruiters on desired characteristics such as the ability to deal with high-stress situations.
On Thursday, April 21st, Lumu hosted the Illumination Summit: Not in the Flight Plan | Preparing for the Unexpected in Cybersecurity and Aviation. At this freely available online summit, First Officer Jeff Skiles and Forrester Analyst Allie Mellen took part in discussions on the parallels mentioned above, and much more. You can relive the Illumination Summit at your leisure here.