Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Beyond Protocols: How Team Camaraderie Fortifies Security

The most efficient and effective teams have healthy and constructive cultures that encourage team members to go above and beyond the call of duty.

Harmony in Security: Building Teams that Thrive Together

I am grateful and consider myself fortunate for many reasons. One of those reasons is that my wife and I very much like each other and enjoy spending time together. Unfortunately, not all couples have this, and it is certainly not something that either of us take for granted.

As you may know, when we do something with people we enjoy spending time with, it is far more enjoyable. Indeed, we see this most when doing chores that may not be our favorite activities. Simply put, when we are with people we enjoy, the task at hand seems to pass more quickly and to be less burdensome, regardless of how unpleasant, difficult, or arduous it is.

What does this have to do with security, you ask? I believe we can learn an important lesson from this. When we think about the many different tasks a security team must complete, many of them are challenging and time consuming, to say the least. Logic would dictate that if the security team is of high quality and its members enjoy working with one another, tasks will be completed more efficiently and effectively.

Given this, it is interesting how little focus security professionals give to the people aspect of security. You will routinely hear many around our industry talking about people, process, and technology. However, many of us have likely experienced that much of the real focus is on process and technology. Yet, the team is just as important, if not more important.

In this piece, I’d like to examine five reasons why focusing on people and building a team that enjoys working with one another are just as important to attaining security goals as process and technology.

  • Not My Job: When a team has top quality team members and is running like a well-oiled machine, you don’t hear a lot of the phrase “That’s not my job.” The reason for this is that when team members feel that other team members are reliable and working hard for the good of the organization, they don’t mind pitching in to do a little extra work when something needs doing. Unfortunately, the reverse is also true. When a team has several members that are not pulling their weight, many of the team members will begin to feel that other team members cannot be counted on. Sadly, this often results in individuals “hunkering down” and focusing on what they get compensated for, rather than being open to additional work that needs doing. This directly harms the efficiency and effectiveness of the security team.

  • Not My Problem: Similarly, when a team has top tier members and is running well, you don’t hear a lot of the phrase “That’s not my problem.” The reason for this is that team members feel safe identifying and solving problems that need fixing, either by themselves or with an impromptu team that has been set up for that purpose. On the other hand, when a team has significant dead weight and is not running well, top team members will not feel safe identifying and solving problems that need fixing for fear of getting blamed when something goes wrong, being seen as negative or a naysayer, and/or being sabotaged/drawing too much attention to themselves. As in the above point, a poorly functioning team results in individuals mainly looking out for themselves as a defense mechanism. This also harms the productivity of the security team.

  • Going The Extra Mile: The best security professionals I know continuously greatly exceed expectations when they are working in healthy and constructive environments. Sure, they could finish the task at hand, take a breath, and then move on to something else. Instead, they routinely go above and beyond, extracting and applying lessons learned, analyzing if an issue may be more broad than initially suspected, and looking to improve processes and workflows. This happens because employees know they are being judged and evaluated in the big picture sense. In other words, that the team leadership understands the value they bring, even if they occasionally take a bit more time to step outside the prescribed box of tasks they typically operate in. This most often brings huge value to the security organization. Unfortunately, security organizations that do not provide a healthy and constructive environment will miss out on these benefits.

  • Trust: All healthy relationships are built on trust. When co-workers trust one another and can rely on one another, amazing things happen. They begin to build off one another’s work and move forward faster together. They also begin to talk one another up, which raises morale and helps management, executives, and the board see the value of the human resources that make up the security team. Lastly, trust brings about openness, honesty, transparency, and sincerity amongst team members. These qualities contribute to the free exchange of ideas without fear of humiliation, backstabbing, and/or having something you said or did used against you. The security team that has trust amongst its team members sees huge gains from it.

  • Representation and Reputation: Have you ever considered the importance of how your security organization is reflected externally? For example, will top talent come work for a security team that is known to have poor leaders? Will the best security professionals want to work at a place that has an antiquated vision and where it is difficult to make progress and have an impact? Will security all-stars want to be part of a team that does not have a healthy and constructive culture? Will customers and partners feel comfortable entrusting their data to a security team that is known to be not running particularly well? Likely not. The security community is a relatively small and close-knit one – people talk and people know which cultures would likely be a better fit for them than others.

While it is tempting to focus on process and technology, people are an important part of security as well. The most efficient and effective teams have healthy and constructive cultures that encourage team members to go above and beyond the call of duty. While creating this type of culture requires substantial investment, it results in a significant return on investment for the security organization and is extremely worthwhile.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem