When the time comes to enact a business objective, the role of cybersecurity professionals has historically come down to one word: “No”.
It’s certainly not because anyone wanted to be an obstacle. Instead, it’s because safeguarding devices, mitigating vulnerabilities, and so many more cybersecurity tasks are all about one goal: Protecting the organization against risk.
“We’re often in the position of having to deny people,” explained Lenny Zeltser, CISO at Axonius. “They want to do all these exciting things — and we always get in their way. And I think that realistically created a lot of conflict.”
During the Technically Divided episode, “Cybersecurity Versus Everyone”, Zeltser said cybersecurity professionals are transforming into a new role as the “enabler”.
“I think as an industry, we have grown, matured, and realized that if we're going to be helping the business move forward, then we need to find a way to say ‘yes’,” he stated. “We need to find a way to collaborate.”
“The very idea that security is an enabler is a relatively new thing,” Zeltser continued. “We're only now realizing that that has to be the case, otherwise we're just a burden. And people tend to find ways around burdens. So if we want people in the organization to come to us, they need to see that we're helping them in some way.”
Collaboration between teams is important; otherwise, projects won’t get done. A lack of alignment could also lead to something even worse: turf battles.
One of the classic organizational clashes is between the IT and cybersecurity functions. Generally, IT teams focus on tasks like ensuring systems are up and running and preventing outages, whereas cybersecurity teams look at what kind of risk a business objective may bring to the organization. Sometimes those tasks pull in different directions, creating conflict.
Zeltser pointed out that the common ground between the IT and cybersecurity functions lies in shared objectives.
“The way for IT and security to collaborate is to start by thinking about common goals,” he explained. “We’re here because we work for the same company, which means that we have an interest in the company to succeed.”
The leaders running the IT and cybersecurity teams have to think about both their direct area of responsibility and the broader business context of the organization, according to Zeltser.
“Because that's the only way to find a common objective around which to rally around and say ‘Yes, we have to have some differences, and that's okay.’ We thrive in diversity,” he noted. “We need to have people who understand that.”
If they haven’t already, functions like IT and cybersecurity will soon start to pivot from a siloed approach to a more collaborative one in their day-to-day work.
“I think people naturally will find that it's easier to work with others when you understand the other person's perspective and something about the other person's job,” Zeltser said. “I think a lot of security and IT professionals have already discovered that. And others are probably in the process of realizing that that's the best way to work, the easiest way to work, and perhaps the more gratifying way to work.”
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius