Do we hire generalists or specialists? Both have their advantages, but I’ve married both of them to create the “T-Shaped Analyst.”
Above I’ve adapted an image I found to illustrate the “T-shaped analyst.” The T-shaped analyst is someone who is both a generalist (possess a broad set of valuable skills—the top of the T) and an expert (best on the team for a narrow discipline, or at least intensely passionate about a particular topic—the vertical leg of the T). When building a Computer Security Incident Response Team (CSIRT) we look for people who are capable of learning multiple things and being “sound” in some essentials like: Windows commands, Unix commands, networking, and basic security principles. Once these general skills are developed, we allow our analysts to find areas of passion for themselves, and then build themselves a niche where they are the best in that particular skill-set.
Use Cases
- Need deep dive memory forensics? We have a guy for that.
- Need a python script developed? We have someone for that.
- Need some JavaScript deobfuscated? Let’s give it to analyst z, he enjoys doing that stuff.
When you have a team of T-shaped analysts with a common set of general skills and a diverse set of narrow skills, you are setting your team up for success.
Image Credit: I’ve adapted the image from T-Shaped People