Why Teams Fail Building Resilience into your Security Program and Culture
The New CISO - A podcast by Steve Moore - Joi
We focus on resiliency in this week’s episode of The New CISO, which was originally recorded at the 2021 RSA Conference. Steve sits down with two former guests on the show, Dave Damato and Sandro Bucchianeri, to talk about the hard-hitting questions from the inside: why do people fail, and what impact does resilience have on program success?

Thinking About Resilience

As Steve mentions, there is a lack of definition for what is “good” within the cybersecurity realm. So how do we think about resilience and failure when there is no solid definition for what “good” is? And how can we establish resilience for our team members? Setting expectations through frameworks depending on your industry, and defining success and capabilities for the team, is crucial. However, leaders must also stop and acknowledge that team members are not robots; they are individuals with challenges that all play a massive part in how they show up every day.

Feedback and Executive Decisions

If employees are scared to speak out when something is wrong within an organization, leaders are basing their decisions on an echo chamber of positive feedback. Feedback is critical when it comes to correcting any errors or putting out fires, especially in a larger organization with a bigger staff. Showing that you can take criticism and feedback will allow team members to communicate more confidently, in turn creating a better work culture.

When it comes to operating with other executives, CISOs often feel like they aren’t as established in the corporate landscape as other roles. CISOs need to shift their focus onto how they can have an impact on the business and the top-level goals of the organization, which could mean weighing in on company-wide issues such as pay rates, benefits, the hiring process, etc.

Managing Expectations

Expectations start as soon as the interview process does. Where do leaders mess up, and how can we fix it? The biggest challenge within security is that there aren’t enough staff and/or resources, so managing the resources in place and setting expectations is key. It’s important to make sure your team isn’t constantly putting out fires. Evaluate when/if you need to hire a new person or bring in a consultant to solve some issues.

Hiring For Resilience

Is it actually possible to gauge someone’s resilience during an interview? What traits should you be looking for during that initial conversation to see if they would be a good fit on your team? Dave and Sandro share their secrets on what exactly they ask and what exactly they are looking for in a candidate to continue to drive that theme of team resilience.

Links

Exabeam Podcasts
Dave Damato - Twitter
Sandro Bucchianeri - LinkedIn