Connect with us

Hi, what are you looking for?


Management & Strategy

What Are Your Cyber Team Dynamics?

We have a major shortage of qualified cybersecurity professionals. This is not a new realization and it is one in which the community general agrees. What isn’t talked about as much – but should be – is a cyber team’s dynamics and its impact on performance.

We have a major shortage of qualified cybersecurity professionals. This is not a new realization and it is one in which the community general agrees. What isn’t talked about as much – but should be – is a cyber team’s dynamics and its impact on performance.

Cyber defense is a team sport, akin to basketball. As it is with basketball, you need to have the right mix of players, teamwork and a solid set of offensive and defensive plays to rely on and adopt when the opponent takes control of the court. You don’t want five Michael Jordans, five centers, or five point guards. You need the right composition of team skills, work roles and integrated team performance. Your elite cyber defense team needs to actively communicate, pass the bits of evidence around, develop the big picture strategy and be able to adjust to different adversaries.

I have trained and assessed some of the best corporate and military cyber defense teams in the nation. Inevitably, they come to me as a group of very well trained individuals, who generally are quite well versed in one tool but don’t understand, or even realize, that there is another teammate next to them. I like to think of them as soda straws.  When I initially meet these teams, I work to find out who are multi-taskers, who are detail oriented, who are tenacious and who think ‘outside-the-box.’ I sort each individual into their technical cyber personality and begin working to help them reach their full potential.

When I first started assessing cyber teams, I participated in large scale cyber exercises with over 25 teams, marveling at the uniqueness of each one. They were different sizes, used different tools, were organized in different forms and, as you can imagine, performed very differently. Obsessed with trying to understand what the best team structure was and whether certain tools drove their exemplary performance, I asked them how they performed so effectively and fluidly – ‘what makes you a top team?’ I soon realized as with all complicated problems, there was no obvious answer, but there certainly were trends and lessons learned that I was able to take away from the experience.

A high performing, elite cyber defense team needs to have representation across the technical personalities I described above. They need ‘multi-taskers’ who can visualize the network and manage the various sensors and tools to aggregate the logs from the firewalls, Active Directory, Network Security Monitoring systems and host-event data. ‘Multi-taskers’ brains are wired specifically for this.

A high performing team also needs the detail oriented ‘perfectionist’ who can pore through and understand the router configurations, firewall rules and policy settings across all devices. The ‘perfectionist’ validates that the enterprise is configured as advertised. Due to the ubiquitous hacking attempts and breaches we see today, a high performing team must also employ tenacious, ‘out-of-the-box’ cyber hunters. These personality types can sense that somehow the adversary is on the network; they just need to find them. They know that skilled adversaries can by-pass defenses and hide patiently in all kinds of unusual places.

And last but certainly not least, a high performing team must have personnel who can put it all together. This person can sense the importance of one artifact and lead the team to finding more evidence of the intrusion kill chain. With these four personalities, the team has leadership skills, technical depth in one or more cyber arena, and a deep understanding of the use of cyber threat intelligence data – making it a winner, like the 1996 Chicago Bulls! 

Advertisement. Scroll to continue reading.

In this world of daily cyber-attacks costing billions and wreaking havoc in our corporate boardrooms, we need to step back and take stock in what we have. It’s not just more people or more tools, although both can help; it is about connecting the dots, building the strategies, and adapting to the adversary by creating the best team to operate and understand the key business cyber terrain across the enterprise.

To build effective teams, we must bring talented individuals together, pull apart the soda straws and assess their technical personalities, and leverage their strengths to accomplish a common goal and complete missions oriented towards defense.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.