Lightbulb sitting in front of a sunset

Creativity

When we talk about creativity, the mind goes to sculptors, musicians, and dancers. We think about the art of turning a blank canvas into a beautiful work of art.  As we move the discussion to technology, we often talk about graphic design, web development, and game design, but, we are here to tell you that creativity has a vital role to play in cybersecurity.  If you don’t think that exploit writers are thinking creatively about how they may be able to inject some code into your business’s applications to have it return the crown jewels, you and I need to have a serious chat.

Purpose

Here are some other places where creativity shows up in cybersecurity:

  • Creative and innovative thinking is how the next firewall algorithm, log analytics tool, code debugger, etc, will be thought of.
  • In digital forensics, thinking creatively may help you locate necessary evidence hidden on a disk.
  • An essential part of a threat hunter’s job is to use cunning and creativity to predict where an attacker may have left some tracks.

Growth Resources

Think Again: The Power of Knowing What You Don’t Know (English Edition)
Shared via Kindle. Description: Instant #1 New York Times Bestseller Listed as a Times Self-Help Book of the Year Discover the critical art of rethinking: how questioning your opinions can position you for excellence at work and wisdom in life Intelligence ...
Steal Like an Artist: 10 Things Nobody Told You About Being Creative (Austin Kleon) (English Edition)
Shared via Kindle. Description: Unlock your creativity. An inspiring guide to creativity in the digital age, Steal Like an Artist presents ten transformative principles that will help readers discover their artistic side and build a more creative life. No...
Creativity, Inc.: an inspiring look at how creativity can - and should - be harnessed for business success by the founder of Pixar (English Edition)
Shared via Kindle. Description: ‘Just might be the best business book ever written’ Forbes Magazine ‘This book should be required reading for any manager’ Charles Duhigg ‘Full of detail about an interesting, intricate business’ The Wall Street Journal _____...
How boredom can lead to your most brilliant ideas
Do you sometimes have your most creative ideas while folding laundry, washing dishes or doing nothing in particular? It’s because when your body goes on autopilot, your brain gets busy forming new neural connections that connect ideas and solve problems. Learn to love being bored as Manoush Zomorodi…
TED TalksManoush Zomorodi

In Practice

Creativity is essential for driving innovation, problem-solving, and responding to the myriad of emergent threats in the field of cybersecurity. Creativity can be applied at the individual level or across cultures to solve problems. A creative mindset empowers individuals to adapt, think outside the box, and connect links that otherwise wouldn’t be seen.

As a CISO

Operating as an executive over the cybersecurity organization, the CISO can apply creativity in areas such as strategic planning, budgeting, and cultural engagement. Strategy is developed looking forward and is subject to a wide range of inputs, and every situation is unique. A creative CISO is not simply pulling down and re-using off-the-shelf plans, policies, and playbooks to get the job done. Creativity comes in adapting existing mental models, building upon them, and contextualizing them.

Budgeting is another area where creativity is key. Needs continue to grow and budgets do not expand at a commensurate rate. Security teams are almost always in a position of trying to figure out how to do more with less. This may take the form of elimination of low-performing programs or un-used tools. It might also take the form of integration across tools and processes to expand coverage. Depending on the organization dynamics, there may also be opportunities to capture funding from other sources, such as budget pooling with other departments.

Mental models such as the Cyber Defense Matrix can be a tremendous tool in evaluating budgets and resources. There are numerous ways to map a program on to the matrix, teams, people, tools, and budget percentage all provide a unique perspective as to how a program is organized.

As a Pentester

Penetration testing, also known as ethical hacking, is a crucial aspect of cyber security, simulating attacks on live systems. One of the most important skills for a penetration tester is creativity, even compared to the wide range of technical abilities one must have. Finding vulnerabilities can be done through a checklist style approach, but that is rapidly becoming commoditized through vulnerability scanning tools. The value of a penetration test comes in the outside the box thinking, vulnerability chaining, and developing new attack techniques altogether.

Creativity is also embodied in the process of thinking like an attacker, personification oftentimes associated with red teaming. What would that adversary do? What would they be motivated to exploit? What capabilities would they likely have? Would they prefer a fast and destructive or low and slow approach to achieve their goals? These are all questions that a tester may need to consider and adapt to, depending on the nature of an engagement.