Skip to content
All posts

Conquer expert bias in cybersecurity with next level focus

Cybersecurity is a fast growing and increasingly complex area that is most often considered a technological area. Higher education is producing students with deep technological knowledge, who are highly specialized in a few narrow areas. Companies are hiring professionals who have specialized in technology through their education and their experiences to fill specific cybersecurity roles.

There’s no doubt, the world definitively needs these highly specialized professionals. But what happens when people specialize? A few things, actually. Some that are great, and some that are less ideal from a holistic perspective. Here are some of the benefits: 

  • Specialists recognize a problem faster.
  • Specialists recognize a solution faster.
  • Specialists can complete specific tasks faster and more efficiently.
  • Specialists know more about their specific area of expertise.

These benefits are some of the reasons why our society creates so many specialists: it is a very effective tactic when dealing with specific problems.

However, what happens when experts are tasked with finding solutions to problems that do not fit into their personal sphere of specialization? Sometimes, they come up with solutions that are both relevant and effective. More often, though, they can be found to create solutions that are not relevant to the actual situation. How can that be? Let us take a look at some of the negatives of highly specialized experts: 

  • Specialists are trained to recognize a particular problem, and are unlikely to foresee different kinds of problems that they have not been trained to recognize.
  • Specialists are trained to recognize a particular set of solutions, and are often limited in their ability to see solutions that exist outside of their training, leading to proposed solutions being less than ideal.
  • Specialists can complete special tasks faster and more efficiently, but often struggle to adjust to other tasks and problems. Their training and experience gets in the way of effectively solving problems and completing tasks that are not within their area of expertise.
  • Specialists know more about their area of expertise, which also often leads to them knowing less about areas outside of their expertise. 

Now, this is all starting to sound like experts and specialists are a problem, and that we should avoid them – not the case. Experts and specialists are extremely valuable to society, to innovation, and to cybersecurity. Applied correctly, where their knowledge is relevant, specialists should be leveraged to the fullest of their potential. 

The challenge arises only when an expert in a particular field is being tasked with solving problems outside of their area of expertise, because subject matter experts are best at solving problems within their known area of specialism, but not problems outside of their area of expertise. For example, to solve the human factors in cybersecurity, an expert on human factors would be better suited to identify suitable solutions, compared to an expert specializing in security analysis, security architecture or threat management. For new problems, however, the best solutions are found differently. 

Instead of leveraging one expert in some area, the best solutions to new problems (i.e. problems where the solutions are not yet known) are often found by creating a team of experts from different areas, where each expert can provide their expertise, and where the group works together to identify the best solutions. For example, when it comes to solving the problems related to the human factors of cybersecurity, it is much more effective to bring together a broader set of experts – those with expertise in psychology, organizational theory, communication and human interaction, in addition to cybersecurity expertise. 

At Praxis Security Labs, our multidisciplinary team brings together a broad range of expertise and experience from working with human factors of cybersecurity in organizations around the world. In a complex reality, you win by bridging the gaps between experts of different disciplines. Book a meeting with a Praxis expert today to learn how we solve problems for organizations like yours.