Blog
How Culture Makes Us Safer
As published in the September/October 2019 edition of InfoSecurity Professional Magazine
By Wesley Simpson, COO
There’s an untapped resource hiding in security departments that many of us may consider an intangible or even undefinable asset. When strengthened, it can have a drastic effect on an organization’s security and contribute to its overall value stream. I’m talking about building a strong culture within your cybersecurity team.
There are some very tangible practices you can deploy within your team that can have a huge impact on engagement and satisfaction and make your business more secure at the same time.
One way to do this might be to create a monthly newsletter with some key stats about the number of vulnerabilities discovered, phishing attacks blocked, systems installed or whatever your key metrics are. How many of us actually catalog these achiev ements throughout the year? Would your teams’ confidence and pride grow at all if they saw the cumulative results of their efforts showcased across the company?
And what about extending this to the rest of your organization? Create a leaderboard for all of those correctly-identified phishing emails that your users send you. A competition with monthly or even quarterly winners and associated prizes can help increase user engagement and underscore the importance of everyone within your organization being responsible for cybersecurity— not just your security team.
Get involved in the cybersecurity community outside of your organization. Our Center for Cyber Safety and Education, for example, is always looking for professionals with your experience to help them deliver lessons to students.Mentorships and internships are also great ways to get involved and shape the next generation of cybersecurity professionals.
Of course, assembling the right team is the No. 1 way to ensure a stable and positive work environment, and that comes down to creating an understanding between IT hiring managers and the human resources team about what they’re actually looking for. Many organizations may struggle to find qualified candidates based on narrow definitions or job descriptions that only apply to “unicorns.”
Look for the right mix of qualifications, core values and soft skills that blend with your existing team.
That’s why it’s important to understand your needs and search for the right talent, even if they are nontraditional hires. Look for the right mix of qualifications, core values and soft skills that blend with your existing team.
Does the candidate have values that align with the team’s? Are they able to communicate effectively in all directions? Have they demonstrated they can work well within a group dynamic? Can they lead projects if needed? There may even be influential employees who are already within the organization and looking for a change or a new challenge. Would a person on the IT, legal or customer services teams be a good addition to the security team? Clear communication between hiring managers and HR is essential to uncovering the true needs of the team and making sure that the right hires are made.
With the rabid competition for qualified candidates, culture may be a differentiator that helps an organization avoid breaking the bank for talent. By making cybersecurity fun through initiatives like gamification, tabletop or war games, and guest speakers during staff meetings, your organization may be able to attract, retain and even grow your own security team and make your organization more secure in the process.