The Virtual CISO

CISO Trainings , Recruitment & Reskilling Strategy , Training & Security Leadership

CISOs: Make Sure Your Team Members Fit Your Company Culture

Why? Because 'Culture Eats Strategy for Breakfast,' as the Saying Goes
CISOs: Make Sure Your Team Members Fit Your Company Culture

"Culture eats strategy for breakfast" is a famous business quote often attributed to management consultant Peter Drucker. It's a memorable way of saying that any company's strategy for business success is only as good as the company's culture and how committed employees are to upholding it.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

Today, the demand for cybersecurity expertise far outstrips supply, and chief information security officers are challenged with building high-functioning cybersecurity teams amid a labor and skills market that can only be described as impossible. The cybersecurity workforce gap, estimated in the millions globally, is a testament to the increasing sophistication of threats and the critical importance of digital security in our interconnected world.

Here are some strategies CISOs can use to overcome these challenges and assemble teams capable of defending their organizations against the myriad of cyberthreats they face daily.

  1. Emphasize culture and values over skills alone.

    In a market where technical skills are at a premium, focusing solely on candidates' existing cybersecurity knowledge can limit your hiring pool. Instead, CISOs should prioritize candidates who align with the organization's culture and values and exhibit a strong willingness to learn. Skills can be taught, but qualities such as adaptability, resilience and a passion for security are intrinsic. By fostering a culture that values continuous learning and growth, CISOs can attract individuals from diverse backgrounds and experiences who will enrich the team's perspective and approach to problem-solving.

  2. Invest in training and development.

    Given the scarcity of ready-made talent, investing in training and development programs is crucial. CISOs should advocate for resources to upskill existing employees and provide pathways for those interested in transitioning to cybersecurity roles from other areas of the organization. This helps fill the skills gap and also promotes employee retention by offering career growth opportunities. CISOs also can establish partnerships with educational institutions and participate in apprenticeship programs to create a pipeline for fresh talent. This will provide students and recent graduates with hands-on experience and a direct path into the cybersecurity field.

  3. Leverage technology to augment human capabilities.

    Automation and artificial intelligence tools can significantly enhance a cybersecurity team's effectiveness by taking over repetitive, time-consuming tasks to allow human analysts to focus on more complex and strategic activities. CISOs should explore opportunities to integrate these technologies into their operations to reduce the burden on their teams and increase efficiency. Such tools also can help level the playing field by allowing less experienced team members to contribute more effectively while they continue to build their expertise.

  4. Embrace remote and flexible work arrangements.

    The COVID-19 pandemic has demonstrated the viability and benefits of remote work, particularly in the field of cybersecurity, where much of the work can be conducted digitally. By offering remote and flexible work arrangements, CISOs can tap into a broader talent pool, unconstrained by geographic limitations. This approach also appeals to candidates' desire for work-life balance and makes the organization more attractive to potential hires.

  5. Build a collaborative security community.

    Cybersecurity is not a solitary endeavor; it's a collective fight against common adversaries. CISOs can enhance their teams' capabilities by fostering collaboration both within the organization and with external communities. Internally, promoting a security-aware culture across all departments can empower employees to be the first line of defense. Externally, participating in industry forums, sharing threat intelligence with peers and engaging in public-private partnerships can provide access to shared resources, insights and best practices. These collaborations can extend a team's reach and effectiveness beyond its immediate members.

  6. Diversify the recruitment strategy.

    Diversifying recruitment efforts can help uncover untapped talent pools. Initiatives aimed at increasing the participation of underrepresented groups in cybersecurity, such as women and veterans, can broaden the range of candidates. CISOs should also look beyond traditional recruitment channels and explore alternative sources such as hackathons, cybersecurity competitions and online communities. These venues provide a platform for identifying individuals with a demonstrated passion and aptitude for security and offer an unconventional way to assess candidates' skills in action.

  7. Prioritize retention through engagement and empowerment.

    In a competitive market, retaining existing talent is as crucial as attracting new members. CISOs should strive to create an engaging work environment where team members feel valued, empowered and challenged. Regular check-ins, clear career progression paths, recognition programs and opportunities for professional development all can contribute to higher job satisfaction and loyalty. By emphasizing the team's role in protecting the organization and its stakeholders, CISOs can instill a deep sense of commitment to the mission.

Building a high-functioning cybersecurity team in today's challenging labor and skills market requires CISOs to think creatively and act strategically. While the road ahead is always twisty, following the steps above will help CISOs navigate the complexities of the current labor market and secure the talent necessary to execute their mission and achieve their objectives.

Remember: Having one "difficult to work with" genius on the team will crater your mission faster than an army of enemy combatants. So, spend a lot of time on evaluating cultural fit. In addition to a separate team meet, have the candidate join you and the team for a virtual lunch and watch the interaction. The more time and attention you spend on this one hiring practice, the stronger your team will be.



About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.