TL;DR
- For this episode from our Voices from Infosec series, we sat down with incident responder par excellence Caitlin Kiska, during a break in the action at the GRRCon 2022 show in Grand Rapids, MI.
- Caitlin is on the IR team for a major retailer—so it’s safe to say that her team has plenty to do!
- She got into infosec the way we all do—via cooking school and then professional online poker. (Oh, wait, some of us didn’t come into it by that route…)
- It turns out that some of the skills that served her well in online poker were also useful in the Security Operations Center (SOC). Pattern recognition FTW!
- Alert fatigue is not just a buzzword. It is real and it’s causing serious problems in SOCs all over the world, from missed signals to less-effective responses to the mental health toll it takes on infosec pros.
- There is good research from other disciplines such as industrial process controls and aviation on similar issues, and the infosec community can and should learn from these findings.
- Caitlin argues for a new definition of what represents a good alert: one from which a meaningful containment or prevention action was applied. Most alerts do not fit these criteria today.
- On a lighter note, we also found out what it’s like to be a serious birder. Caitlin makes the case that it’s something more of us should consider pursuing. Also, there is a species out there that really takes away what little doubt you may have had that birds are, in fact, dinosaurs.
- Link to a great presentation by Caitlin on how to fix IR, from CircleCityCon 9.0: https://www.youtube.com/watch?v=ml6V1B1AD34
For the latest installment of our Voices from Infosec series, Breaking Badness regular Tim Helming (@TimHelming) spoke with incident responder Caitlin Kiska about her unique path to cybersecurity, her passion for understanding alert fatigue, and her interests outside of the industry.
The Many Iterations of Caitlin
When asked how her interest in technology began, Caitlin described her path as “atypical.” She likes to say there are “many iterations of Caitlin,” and the first one included the desire to be a restaurateur. However, if you’ve read “Kitchen Confidential” or seen the movie “Chef,” you know the restaurant game can be…challenging. It’s long hours and you’re beholden to customers and reviews. Ultimately, it wasn’t for her, although she’s continued cooking for the people she loves and is a co-host on Unicorn Chef.
What’s the next logical step after wanting to run a restaurant? Online poker, of course! For most of her 20s, Caitlin played online poker and she did well, but she knew she didn’t want to continue to do it into her 30s. She believed the skillset she gained while playing poker (studying her opponent’s moves, finding patterns, etc.) would be perfect for catching outlier behavior in cybersecurity.
Next Stop: Cybersecurity
Caitlin soon found a company that was, *ahem*, willing to take a gamble on her after completing her degree. It was a Managed Security Services Provider (MSSP) SOC, where many people begin their cybersecurity careers. Unfortunately, MSSP SOCs do have a reputation for burnout, but if you can withstand the heat in the kitchen, you’ll learn a lot. The problem is that burnout can be a hotbed for mistakes.
Why Do People Make Mistakes?
One of Caitlin’s interests is understanding why people make mistakes. In MSSP SOCs, people make mistakes largely due to alert fatigue: a large number of alerts desensitizes the people responding to them, and mistakes can happen. Because there’s a lag in understanding alert fatigue within cybersecurity, Caitlin is interested in measuring the efficacy of alerts to see whether they lead to a meaningful response.
The Gambling Bird
Closing the conversation, Tim had to understand where Caitlin’s Twitter handle (@TheGamblingBird) came from. As it turns out, Caitlin is a self-described “obsessive” bird watcher and describes bird watching as “a beautiful piece of her life” because no matter how stressed she is, she can always go bird watching and come back to herself. It’s a lifelong hobby.
A big thank you to Caitlin for joining us on Breaking Badness! It was a fantastic conversation and fascinating to learn about Caitlin’s path to cybersecurity. Be sure to listen to the full episode for her full insights on alert fatigue, how we can combat it, and a deeper dive on Caitlin’s previous lives and fun facts about ornithology!