When the time comes to enact a business objective, the role of cybersecurity professionals has historically come down to one word: “No”.
It’s certainly not because anyone wanted to be an obstacle. Instead, it’s because safeguarding devices, mitigating vulnerabilities, and so many more cybersecurity tasks are all about one goal: Protecting the organization against risk.
“We’re often in the position of having to deny people,” explained Lenny Zeltser, CISO at Axonius. “They want to do all these exciting things — and we always get in their way. And I think that realistically created a lot of conflict.”
“I think as an industry, we have grown, matured, and realized that if we're going to be helping the business move forward, then we need to find a way to say ‘yes’,” he stated. “We need to find a way to collaborate.”
“The very idea that security is an enabler is a relatively new thing,” Zeltser continued. “We're only now realizing that that has to be the case, otherwise we're just a burden. And people tend to find ways around burdens. So if we want people in the organization to come to us, they need to see that we're helping them in some way.”
I think as an industry we have grown, matured, and realized that if we're going to be helping the business move forward, then we need to find a way to say ‘yes’.
— Lenny Zeltser, Axonius CISO
Finding common ground
Collaboration between teams is important, otherwise projects won’t get done. A lack of alignment could also lead to something even worse: turf battles.
One of the classic organizational clashes can be between IT and cybersecurity functions. Generally, IT teams focus on tasks like ensuring systems are up and running, and preventing outages. Whereas cybersecurity teams are looking at what kind of risk a business objective may bring to the organization. Sometimes their tasks differ with each other, creating conflict.
Zeltser pointed out the common ground between IT and cybersecurity functions is around shared objectives.
“The way for IT and security to collaborate is to start by thinking about common goals,” he explained. “We’re here because we work for the same company, which means that we have an interest in the company to succeed.”
For the leaders running the IT and cybersecurity teams, they have to think both about their direct area of responsibility and the broader business context of the organization, according to Zeltser.
“Because that's the only way to find a common objective around which to rally around and say ’Yes, we have to have some differences, and that's okay.’ We thrive in diversity,’” he noted. “We need to have people who understand that.”
If they haven’t already, functions like IT and cybersecurity will soon start to pivot from a siloed to a more collaborative approach in their every day.
“I think people naturally will find that it's easier to work with others when you understand the other person's perspective and something about the other person's job,” Zeltser said. “I think a lot of security and IT professionals have already discovered that. And others are probably in the process of realizing that that's the best way to work, the easiest way to work, and perhaps the more gratifying way to work.”