“TCS’ enterprise Vulnerability Management Service (VMS) removes vulnerabilities affecting your application and network infrastructure intelligently”. One would find this mentioned in the EVM section of the official TCS site. However, the deeper one digs into that line, the more one realizes the kind of effort that goes into implementing a robust vulnerability management lifecycle that ensures data protection. Establishing a group to deliver these niche services is no mean job either. Assembling the right blend of the industry’s best tools and skillful professionals is what can be termed “The Ideal EVM Team”. Like they say, “Finding good players is easy. Getting them to play as a team is another story”. With great responsibilities come bigger challenges. Let me hand-pick a few of the challenges that may prove to be roadblocks in sustaining these specialized teams.
- Getting the right people. Profiles with expertise in the security domain are never easy to find. A healthy ratio between demand and supply of these experts has never been maintained. There is one thing in common between spinners (in the game of cricket, like pitchers in baseball) and security professionals – they mature late. Either you manage with whatever limited options you have, or you make things happen and create security professionals. The latter sounds challenging, but it is effective. Grooming associates from various domains over a period of time would yield good results in the long run. Building their security skills through internal training and participation in various security forums would create a fit bench strength.
- Combating Attrition. Finding a security professional is a challenge, but countering attrition is a bigger one. The huge demand for such talent makes it much tougher for the group to retain these profiles. Lucrative offers from other groups and organizations can never be avoided; however, defining a realistic career graph that suits their needs would certainly offset this to an extent. Having associates attend various conferences and webinars in related fields would certainly help in enhancing their skills.
- Affording Security Tools. Arsenals are the backbone of every battle. The security tools available in the market don’t come cheap either. The price keeps shooting up if we hunt for the market leaders. Any team, irrespective of its size, will think twice before procuring them. Getting the best out of free tools with the help of skillful associates is probably a cheaper alternative. To name a few, ZAP, Burp Suite, sqlmap, Xenotix, etc. are free tools that could be combined for a security assessment.
- Healthy Bench Strength. It’s like a double-edged sword. It may be an asset for some and a liability for a few. The key is to utilize it to your advantage. At EVM we follow a “hire before you position” policy. Irrespective of the grade, years of experience and skills of a new hire, everyone needs to go through the mandatory induction-cum-training program. Continuous hiring calls for training in batches of sizeable numbers of associates. Rigorous training of 3 months, followed by shadowing senior team members on various security assessments, ensures that they are combat-ready. Later, exposing them to one-off assignments before they are positioned in long-term engagements gives them the required feel and confidence for the things to come. 16 hires in the last financial year compared to 12 hires to date in this financial year speaks of the competitiveness of the group. The number is only going to grow in the days to come.
- Security Training. Like they say, “Alone we do so little, together we can do so much”. To grow as a team, it is vital that everyone in the group moves at a similar pace. The unavailability of skillful resources leaves us with the option of hiring associates from various other domains. It is here that training plays an important role. Getting them skilled in the security domain and ready for the big day is the need of the hour. It will all go haywire without proper training and constant mentoring. Facilitating training via external vendors can help. Internal knowledge-sharing sessions involving various locations would go a long way in creating skillful resources.
Challenges are many and the count will only keep growing. However, the desire has to be kept alive with continuous good work. After all, “The ideal EVM team” can never be achieved overnight. If everyone is moving forward together, then success takes care of itself.