Every company has a workplace culture and a security culture. Many people would define the former as "flexible PTO and cold brew on tap" (which, of course, is a gross oversimplification) – but might struggle a bit to explain the latter. My role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity startup that provides pentest as a service (PtaaS), provides me with a unique perspective with line of sight into both sides of the culture coin. Trust me, infosec teams don't have it easy.
Good cybersecurity combines people, processes, and technology for optimal results. In my experience, it starts with people — the most effective cybersecurity teams foster a culture of collaboration. Many organizations are shifting from DevOps to DevSecOps to bridge the gap between development, security, and operations and embrace everyone as an integral part of the security team.
Technology alone can't solve all of the security issues and vulnerabilities that are prevalent today - security still requires people along with the right workflows to be effective. Unfortunately, getting security teams and the broader organization to work together isn't always easy. Challenges are inevitable, but when it comes to protecting business-critical assets, collaboration across all teams is crucial. That's why, at Cobalt, our mission is to "let security dance" – because we believe strong security syncs the movements of different individuals.
Security is multifaceted — it takes the help of the entire business working together to achieve a strong security posture. So, how can you bring security and the broader organization to work together?
Define a long-term vision that aligns with broader business goals.
It's important for tech leaders to first understand how sales, engineering, marketing, and all other teams within a business are operating. This accelerates the ability to identify areas of opportunity to establish and improve security practices.
Strategize with a purpose that confronts today's challenges.
It's important to point out that cybercriminals are becoming increasingly sophisticated in their tactics. As technology modernizes, the strategies companies use to remediate risk also need to modernize to keep up with emerging trends in the cybersecurity space.
Make sure your teams are aligned.
Embedding security into every effort within an organization and creating awareness is key to building and maintaining a proactive security program. This takes consistent communication across teams to move towards protecting assets every step of the way.
"As cyber security leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture." — Britney Hommertzheim, Business Information Security Officer at Cardinal Health.
At the end of the day, any business could be at risk of a cyber attack. Especially in a remote environment where processes can be more siloed, it's important to ensure your teams are up to the challenge of fully protecting your organization by working with all teams to develop security functions further.