Cybersecurity leaders not only go against threat actors to defend the organization but also find themselves at odds with other business executives. How can we avoid fighting everyone? What does it take to ensure the security team doesn't become the department of "no"?
We’re often in the position of having to deny people's requests. Our colleagues want to do all these exciting things—and historically we got in their way, which created a lot of conflict.
Fortunately, as an industry, we have matured and realized that if we're going to be helping the business move forward, we need to find a way to say "yes." The idea of being an enabled is relatively new in cybersecurity. We're only now realizing that that has to be the case, otherwise we're just a burden. People tend to find ways around burdens, so if we want people in the organization to come to us, they need to see that we're helping them in some way.
Enablers need to find a way collaborate with others in the organization. A way to do that is to look for the common ground between teams by seeking common goals. Remind all stakeholders that we’re we have an interest in the organization to succeed and point to specific shared objectives. We can do that while acknowledging that, yes, we have to have differences, and that's okay; we thrive in diversity.
People naturally will find that it's easier to collaborate when you understand the other person's perspective and something about the other person's job. A lot of security and IT professionals have already discovered that. And others are probably in the process of realizing that that's the best way to work, the easiest way to work, and perhaps the more gratifying way to work.
In the following conversation with Chris Cochran and Ron Eddings at Hacker Valley, I discuss these ideas and cover how CISOs and other security leaders can:
- Build relationships with security and business functions
- Communicate with executives across the C-suite
- Propell the business