To influence your organization’s culture, start with the security team's culture

A successful cybersecurity program influences organizational culture – creating an environment where the workforce and leadership are aware of risks, understand their roles, and take ownership of helping keep the organization secure. Reaching that state takes many steps, but I believe it starts with building the right culture on the cybersecurity team.

The cyber team must model the positive behaviors needed to create a trusted partnership on cybersecurity with business teams across the organization. There are many signs of a positive culture within a cybersecurity team – #1 being clear mission motivation. Other signs include continual development of team members, high engagement, and a track record of collaboration to solve problems. Elements like these that create a positive culture within the security team can be contagious and influence the whole organization.

In contrast, a poor culture on the security team – siloes and lack of teamwork, people who always say no, or an “enforcer” mindset that looks for gotchas instead of success stories, can also be contagious in a negative way across an organization. Bottom line – you can’t foster positive energy and engagement in cybersecurity across the organization if it doesn’t exist on the security team.

I suggest a positive culture in a cybersecurity team can be built on seven key pillars:

1- Leadership. Most teams reflect their leaders – do they model the right behaviors, set the tone for teamwork, and show collaboration, ethics, humility, and humor? Equally important – do they have the backbone to hold others accountable for doing the same? Showing trust is another key leadership quality for building the security team’s culture. A leader should develop their team members’ skills and readiness and then show the trust to give them opportunities to make decisions and take ownership of their responsibilities. That element of trust in the team can translate into trust with business units outside of security.

2- Clarity and alignment on mission and goals. Alignment of your program goals with your business’ goals, and ensuring every member of the team can see how their work connects to the company mission, builds an engaged team. Some ways to make this happen include setting clear team goals tied to protecting critical systems and enabling business initiatives, inviting business leaders to provide updates at team meetings, and even “field trips” to company facilities.

3- Continuous learning and growth. Because our field changes so rapidly, professionals in cybersecurity want to keep pace and grow. Building a learning culture on the team leads to better engagement and retention – and the basis for a stronger connection across the organization. A leader can make this happen by being deliberate - structuring training plans that encompass formal (classes, degrees, certifications) on-the-job (new hire training, lunch and learns, team training sessions), and personal (self-learning outside of work) goals. Connecting individual professional development plans with performance goals and evaluations also makes them a deliberate part of the team culture.

4- Communications. Strong communications that build team culture encompass transparency about strategic goals and challenges, two-way dialogue with the team through 1:1 and team meetings, recognition of excellence and accomplishments, and seeking feedback.

5- Care for team members. This has a huge impact on team culture. Knowing team members on a personal level, understanding personal needs that come up, and promoting a healthy work-life balance all help create culture that helps set the tone for how the team interacts with the rest of the organization.

6- Diversity. A team environment that welcomes a wide range of backgrounds, perspectives, and ideas creates problem solving strength and innovation. A diverse team may better represent the diversity of the larger organization, too.

7- Service and fun. Carving out time for extracurricular activities like community service and fun brings extra energy to the cyber team that can be felt across the broader organization. Fun can be pizza lunches, creating witty awareness communications, gag awards at team meetings, etc. Service and fun are both great for team building and chemistry, i.e., culture.

Investing in the culture on the cybersecurity team is like planting seeds that can grow the culture of the organization. Focusing on a handful of foundational elements can build a team that can transform the organization.

Hold Fast

Stay True