Roosa Malinen

Information Security Specialist

Why critical thinking needs to be a part of security professionals' work and why it is so important

Critical thinking is an essential part of the security mindset. It helps security professionals understand security anomalies, events, scenarios, incidents, malware, response activities, and much more. Critical thinking starts from the ability to think critically. The main goal of critical thinking is to solve problems and make decisions based on logical thinking and analysis by collecting proof or evidence that has been validated and can be verified.

Critical thinking requires an ability to filter out disinformation and to avoid making emotionally loaded decisions. However, emotional intelligence is not altogether excluded from critical thinking; it can be used to make observations that support conclusions. All logical paths and information matter in critical thinking. Before decisions can be made, all possible conclusions need to be validated based on evidence.

The results of critical thinking should be considered and questioned before accepting possible outcomes and results.

Critical thinking has an impact on all stages of intelligence and investigation. It improves lateral thinking and the different types of skills needed to analyze logical patterns. It helps in making observations and collecting relevant data. Critical thinking can be used to support analysis and to map different types of patterns and paths, so that evidence and information are reached effectively and an overview is obtained for making sophisticated decisions.

Critical thinking is the link between all intelligence and investigation stages and is essential in order to succeed in analysis and logical thinking. Finding relevant information, identifying key issues and resolving them are important success factors as well.

Example:

A security analyst analyzes cases where malware is moving laterally in the environment using a wormable vulnerability. The security analyst must gather all information related to the incident and utilize the critical thinking approach to help the Incident Response Team evaluate the situation case by case and make the best decision in order to achieve the best possible outcome for all parties. Without critical thinking, analysts cannot analyze or evaluate incidents.

Critical thinking models and methods can be used as examples of information sharing between stakeholders, collaboration, technical approaches and tools, logical modeling and emotional intelligence. Information sharing is based on confidentiality and liabilities between actors. Intelligence sharing is needed to develop methods and scenario models to improve capabilities to make better decisions and detect flaws and errors in decisions made earlier. Sharing intelligence is a critical part of collaboration between actors globally to better recognize flaws and protect individuals, organizations and states.

Critical thinking can be built inside automation. Human validation and verification stages make decision-making slow and inefficient when fast results are needed to resolve issues and make urgent decisions. This is where automation helps humans evaluate data as reliable evidence and make faster decisions based on critical thinking analysis models.

In addition, emotional intelligence has a situational role to play in critical thinking, intelligence and investigation. It helps build relationships, turn intention into action, and make empathetic and informed decisions to achieve success. The challenge is that technical and statistical tools are making decisions for individuals and organizations, so caring for others and empathy are based on deficient information and not utilized when making decisions.

About the author

Roosa Malinen

Information Security Specialist

I am Roosa Malinen, and I lead Offensive Security Services in the Cybersecurity unit at CGI. My responsibilities include, among other things, various cybersecurity exercises and attacks, threat modeling and threat intelligence, technical security consulting, and the development of offensive security services. I have worked at CGI with Defensive Security Services and as a team lead for SOC analysts.