Team collaboration is crucial to ensure the success in security testing. Of course this is an age-old problem, and not at all constrained to the security industry. In any meaningful task, team members need to draw upon pieces of each others vision to create a cohesive idea and achieve a significant result.
You know the feeling, you check your calendar and in a few days you start a new project, but uh oh, this is a four-man team gig. Trouble ahead, a gazillion of emails back and forth and no clear picture of where we are, what else do we need to cover or whether we left something out when everyone thought someone else was looking at it.
The first friction point is usually between different business units: does the technical team have everything they need to hit the ground running on the first day of the assessment? Getting your act together as a security services vendor is far from trivial and requires some work. I’ll write about it soon.
Anyway, back to the test proper. In order for the total results to be greater than the sum of their parts something needs to happen. It is not good enough that each team member is thorough, technically excellent and organised. Information needs to be shared, a glitch in part A of the system noticed by one tester can be exploitable from part F which is been looked at by a different tester. If each person works in isolation, this magic won’t happen.
As a team member, how are you solving this problem? How are you making sure that everyone else has a clear picture of what you’ve uncovered so far so they can build upon your findings? And conversely, how are you building upon your team mates’ findings to improve the overall results of the team?
If you are the technical director or founder of a project-based organisation, are you enabling your team to collaborate efficiently? Is the way in which they collaborate formalised or is it left to each tester and team to decide? If they are not sharing the information they’ve got effectively, are your clients getting the most out of your excellent team?