By: Dr. Edward Amoroso
July 1, 2020
Managing Team Dynamics in Cybersecurity
How winning at team dynamics facilitates stronger cybersecurity leadership
This series is sponsored by Cybrary for Teams, helping organizations close the cybersecurity skills gap and build a workforce capable of tackling the challenges of today and tomorrow.
Among the most pervasive misconceptions about cybersecurity is that it’s purely the domain of the IT department. Moreover, important roles like ethical hacking and penetration testing are typically solitary activities. Things like negotiation, conflict resolution, and team dynamics rarely top the list of responsibilities.
Taking on a leadership role in cybersecurity comes with a very different set of responsibilities. Aside from technical expertise, CISOs must also orchestrate team harmony and encourage a culture of productivity and accountability. Their jobs are, first and foremost, about people, and managing people requires a solid approach to team dynamics.
Why cybersecurity demands a people-first approach
Given the huge emphasis on security architecture, technical controls, and policies, it’s hardly any wonder that most people assume cybersecurity starts and ends in the IT department. But the truth is, human error plays a key role in the clear majority of incidents. Moreover, everyone is a potential target, no matter their rank or role in the organization. On top of that, there’s the challenge of adapting to constant change. Threats come and go, priorities change, and teams across all departments have to navigate disruption in a fast-paced, technology-driven world.
That’s why effective teams aren’t composites that you put together and then expect everything to work in perfect harmony. A good team is dynamic, especially in today’s work environments, in which people and technology alike are often distributed across multiple departments and locations. A people-first approach to cybersecurity leadership involves the right blend of staff training, clear communication between departments, and building an organization-wide culture of accountability.
Here are our seven rules of team dynamics and how they apply to cybersecurity leadership:
Rule 1: Focus on the mission
Leaders put together teams for all sorts of reasons, and cybersecurity is no exception. In some cases, it’s necessary to assemble a team as quickly as possible to solve a problem. In such a situation, the mission revolves around a sense of urgency – the mission is to solve the problem as quickly as possible. Sometimes, there’s no other option.
But the most effective CISOs incorporate the right blend of culture and strategy. They turn the negatives (such as the possibility of a data breach) into positives (such as proactively enabling something in the face of a threat). Thus, the mission revolves around building a security-driven culture where everyone’s on the same page and working together to prevent incidents from happening in the first place.
Rule 2: Use team-based rewards
An effective team depends on how motivated its members are. If someone doesn’t feel valued for his or her role in a team, then the quality of their work will suffer, regardless of their talents and skills. One of the biggest challenges of forming a team is setting up a system that rewards and recognizes achievement.
Of course, not many will turn their noses up at a financial incentive. However, even money is no substitute for recognition, and a bonus tends to get forgotten about rather quickly. Team-based rewards, on the other hand, should be something that acknowledges the team together, such as a party or the attendance of a celebrated speaker at your next team meeting.
Rule 3: Develop and nurture interdependencies
Many cybersecurity experts are used to working independently. Much like a lot of technology architectures themselves, IT teams often take a modular approach. Every role is replaceable, and no one is dependent on anyone else. But that’s not what working as a team is all about. If the separation between roles is completely black and white, there’s no space for diversity, which means there are no fresh perspectives to help address new challenges.
Nurturing interdependencies can be tricky, but it’s important for improving the efficiency and effectiveness of any team. After all, people will be coming in with a wide range of backgrounds and different skillsets. For example, one person might be great at deploying security controls, but they might not be so good at handling auditing issues. When people are dependent on one another, there’s also a stronger culture of accountability, which is crucial for organization-wide information security.
Rule 4: Develop clear goals
People often confuse goals with milestones. However, milestones are simply deliverables: tasks that need to be completed in pursuit of a goal. These goals, in turn, should align with the overarching mission, as we discussed in the first rule.
In any team, every member will have three goals in mind, even if they haven’t thought about them in such a way. They’ll have their personal, professional, and team goals. But they’ll be operating at their best when they have all three in mind. By defining goals which align with the personal and professional priorities of each team member, you’ll create a stronger and more motivated team.
Rule 5: Communicate feedback to teams
People often expect negative feedback to be confrontational and closed to any further discussion. After all, there’s rarely any room for compromise when it comes to cybersecurity outcomes. But nobody wants direct negative feedback and, at best, all it will achieve is a short-term impact.
Cybersecurity leaders should always use empathy and, wherever possible, approach negative feedback from a positive angle. In many situations, there are perfectly legitimate reasons for a poor quality of work, such as misunderstandings, personal troubles, or a lack of alignment between priorities and responsibilities.
Rule 6: Permit open discussion
A challenge CISOs commonly face is breaking out of the stereotype that they’re leaders of the department of no. The modern CISO mustn’t be seen as a dictator, but rather as a team player and leader who maintains close ties with leaders of other departments across the enterprise. If they can demonstrate their support for open discussion, they’ll be much better equipped to promote our final and most important rule:
Rule 7: Teams must learn continuously
Many of the negatives in cybersecurity can be turned into positives. Perhaps the best example of that is the way non-destructive negative feedback can help drive a culture of learning and continuous improvement. In such a dynamic field as cybersecurity, or technology at large for that matter, there’s always more to learn. Skills which were important a couple of decades ago might no longer be relevant, but there are also many new opportunities.
Practicing continuous learning through executive learning programs and SOC training protects your company and its employees from a constantly evolving threat landscape. It can stimulate both professional and personal goals, boost productivity, and improve decision-making across the board. That is, hands down, the best way to strengthen your team.