Tuesday Morning Grind, Ep 4 - Building Security Teams, Pt 1
In this episode of the Tuesday Morning Grind we talk about building a security team that people want to be a part of, and share our thoughts on developing and retaining top performing security professionals. My teammate, Christian Hyatt has also authored a blog post which is a great companion to this podcast. Check it out on the risk3sixty blog.
Building Effective Security Teams
(Shane’s Show Notes)
Why does this matter?
- Employee engagement is key to both recruiting and retaining top talent. Failure to effectively engage teammates has a real impact to the business:
- Losing key employees may cost the organization may cost the organization upwards of 216% of their salary!
- Disengaged employees are less productive and may bring down team morale.
- Turnover impacts business process continuity.
What makes people want to be part of any team?
- Surround yourself with the right people and making sure you have RIGHT PEOPLE IN THE RIGHT SEATS (Remember Traction, Ch 4).
- Putting teammates in the right role is super important. At times, it’s also beneficial to encourage people to venture out of their comfort zones in some cases (consider red teamers vs blue teamers and benefits of these teammates experiencing their counterpart’s roles)
- Right People means they share the company’s core values
- Right Seats mean the teammate is in a role they will sufficiently fulfil/succeed. The task is properly delegated.
- Holding people to account.
- Poor performers really make it difficult for some of us to maintain top performance. Team morale may suffer. This might be Right People in the Wrong Seat, or simple a Wrong People situation.
- Establish a success baseline. Establish expectations for performance. Develop KPIs to track success.
- Make security matter in the business
- In some organizations security and compliance are treated as a cost center, and burden to the business.
- Give the team something to build together.
- Frame problems and challenges as goals the team should be conquering together (i.e. do hard things together) and celebrate accordingly once you obtain mission objectives.
- Find ways to get the team respect throughout the organization.
- Challenge the team to be ahead of the curve:
- Identify big problems in the company to solve them together (e.g. hack weeks)
- Streamline processes and make them more efficient
- Evangelize the mission of your department to the company and beyond
- Develop world class documentation
- Implement automation and other innovations less adopted in your industry
- Make the team something exciting to be a part of.
Books we discussed in this episode
- Gino Wickman’s Traction: Get a Grip on Your Business
- Marcus J. Carey’s Tribe of Hackers Security Leaders: Tribal Knowledge form the Best in Cybersecurity Leadership