4 Ways To Inspire Your Security Team
Unsung heroes, the guardians of critical data, people who prevent cameras sticking at the CEO’s face first thing in the morning, or just a bunch of cynical dudes who always say no to exciting stuff.
Security teams often work with ambiguities, short timelines, risk acceptance trigger happy business stakeholders, intangible outcomes that are difficult to measure and underappreciated, fear that a successful breach could end one’s career in security.
Sounds like a sh*t gig? May be, but here are the 4 ways that would help inspiring the team.
Consumer Identification & Feedback
Find out all the internal and external end consumers of the “security service” that the team offers, examples can be project managers, solutions architects, enterprise architects, audit, compliance or even the end users of the products or services the company offers. Seek out to these external end consumers for stories and feedback on how the security team helped or positively impacted them before.
Set up a forum or event which representatives from previously identified security service consumers can share their experiences face-to-face with the security team and open up the conversation. Or alternatively, a “fishbowl” conversation which consumers engage in conversations and experience sharing in front of the security team but pretend the team is not present.
Turn some of your security team members into consumers for a few weeks. This opens up new perspectives and allows these team members to appreciate their comrades’ works from the other side. In addition to serve the inspiration purpose, this practice can also be used to identify improvement opportunities.
Recognise & Celebrate
Recognise the quiet guys in the team that do seemly low impact works - administrators, security monitoring operators, SOC etc. When it comes to high impact contributions/stories, such as “successfully prevent WannaCry” (good patch management and vulnerability management), don’t be shy spreading the message and blow the trumpet.
Build the image and set the bar out in the public, for one, it endorses the team, on the other hand, it would both extrinsically and intrinsically force the team to improve due to the indirectly made public commitment.