The T-Shaped Analyst

Do we hire generalists or specialists? Both have their advantages, but I’ve married both of them to create the “T-Shaped Analyst.”

Above I’ve adapted an image I found to illustrate the “T-shaped analyst.” The T-shaped analyst is someone who is both a generalist (possesses a broad set of valuable skills: the top of the T) and an expert (best on the team for a narrow discipline, or at least intensely passionate about a particular topic: the vertical leg of the T). When building a Computer Security Incident Response Team (CSIRT), we look for people who are capable of learning multiple things and being “sound” in some essentials like Windows commands, Unix commands, networking, and basic security principles. Once these general skills are developed, we allow our analysts to find areas of passion for themselves, and then build themselves a niche where they are the best in that particular skill set.

Use Cases
  • Need deep dive memory forensics? We have a guy for that.
  • Need a Python script developed? We have someone for that.
  • Need some JavaScript deobfuscated? Let’s give it to analyst z, he enjoys doing that stuff.

When you have a team of T-shaped analysts with a common set of general skills and a diverse set of narrow skills, you are setting your team up for success.

Image Credit: I’ve adapted the image from T-Shaped People