In the current environment, companies are asking their cybersecurity teams to do more, better, and at less cost. The Netrix vCISO team helps clients to mature an organization’s cybersecurity posture as well as build and develop more effective, efficient security teams. Below is an approach for developing a stronger, more efficient security team.
Understand your pain points, but don’t expend resources on a reorganization. Before you can improve the security team, you need a thorough understanding of the team’s roadblocks, pain points, and skills gaps. Usually someone then suggests that a reorg will fix the problems. Unfortunately, reorgs tend to take time, effort and money but only generate cosmetic changes. They don’t tackle the underlying issues.
Once you understand the root causes, then it is time to clearly define the security team’s scope of work and who is responsible for what. We’ve found building both functional and task RACI charts to be very effective in identifying interdependencies and skill and platform gaps as well as generating productive conversations and problem solving.
Building off of the RACI work, the next step is to hold people accountable. At this point, the team should know who oversees workstreams, who actually performs the work in each workstream, and who needs consultation or information for each area. You’ve also identified if team members need additional training to perform their assigned roles effectively. Now, it is time set clear expectations on what a finished task or project looks like and how long those should take. Once you’ve removed the “I didn’t know I was supposed to do that,” then you can focus on why something is behind schedule and address roadblocks or personnel issues.
The final point to keep in mind is that you need to meet your people where they are. Know your people and understand their strengths, weaknesses, and motivations. You will only end up with frustration and failure if you give someone who is bad at prioritization a long task list and then get upset when they don’t make progress. You have the people that you have. Either match them to work where they can be effective and efficient, help them to grow into new areas, or remove them from the team. In some situations, you need resources to surge on an effort or specific technical expertise for a short period of time (e.g., platform implementation). In those scenarios, hiring professional services support might be the right solution. For more information on building the right cybersecurity plan, reach out to our team at Netrix: Learn How We Solve Business Problems – Netrix Global
2024 Netrix, LLC | All Rights Reserved.
