Why Infosec Practitioners are Turning into Data Scientists

Security practitioners cannot wait for the information they need to protect the enterprise, and thus the speed of delivery becomes a driving factor in the success or failure of the data-driven security enterprise.

Because IT managers responsible for protecting the enterprise crown jewels—namely, data—face increasing threats from everyone from fraudsters and data thieves all the way up to nation-states, the need to react quickly to an imminent threat has never been more important.

Speed is essential to just about everything: sports, online trading, moving data workloads from one place to another, mitigating security threats, getting to church on time—we could go on.

However, as enterprises begin to realize the value of the data they collect, this data deluge has become more and more controlled by processes that are not focused on speed of change.

Security practitioners cannot wait for the information they need to protect the enterprise, and thus the speed of delivery becomes a driving factor in the success or failure of the data-driven security enterprise. So many of them are doing something about it; they’re morphing into entirely different personalities.

John Omernik, distinguished technologist at MapR, has shared with eWEEK five factors he believes are the reasons why infosec practitioners are turning into data scientists. 

Data Point No. 1: Few fields require data nimbleness and flexibility to the degree information security does.

Whether that's quickly rolling out new models to stop imminent threats or being able to quickly test new controls against historical data to ensure minimal business impact, security practitioners need speed and flexibility because the enterprise is on the line. Customer data, trade secrets and financial data are all at risk if practitioners cannot quickly analyze and address threats.

Data Point No. 2: For a security practitioner, the time from idea to implementation is critical and must be as short as possible.

If a practitioner has a great idea to protect the organization, but access to some data is a multi-step, weeklong process and loading other data has to go through an enterprise ETL process that takes four to six weeks, that idea may die on the vine. Practitioners need platforms that reduce that friction as much as possible to bring the best ideas to bear in protecting the enterprise.

Data Point No. 3: Need to expand data retention beyond keeping certain data.

Telling a practitioner "You can only keep some data, decide now what you will need in the future" due to exorbitant licensing costs is a recipe for frustration and compromise. Solutions should allow flexibility with both the cloud and on-premises to save costs.

Data Point No. 4: The tools practitioners use should be easy to secure or be secure by default.

This includes strong authentication, access controls and high availability/redundancy by design. When trying to master threats, if those aspects can be baked into a platform rather than being something a practitioner has to deal with, it's a win for everyone.

Data Point No. 5: Embrace modern DevOps practices to speed delivery of infosec.

Security practitioners will not tolerate slow internal processes that block bringing their threat solutions to the business. Modern DevOps practices that benefit data scientists, including containers and orchestrators such as Kubernetes, in combination with access to data that is easy as well as audited and controlled, are a must. Waiting days or weeks to deploy code due to internal processes puts an enterprise at real risk.

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...