Building a Healthy Cybersecurity Culture

This is a guest post from our friend Caroline Wong, Chief Strategy Officer at Cobalt.io.

Every company has a workplace culture and a security culture. Many people would define the former as "flexible PTO and cold brew on tap" (which, of course, is a gross oversimplification) – but might struggle a bit to explain the latter. My role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity startup that provides pentest as a service (PtaaS), provides me with a unique perspective with line of sight into both sides of the culture coin. Trust me, infosec teams don't have it easy.  

Good cybersecurity combines people, processes, and technology for optimal results. In my experience, it starts with people — the most effective cybersecurity teams foster a culture of collaboration. Many organizations are shifting from DevOps to DevSecOps to bridge the gap between development, security, and operations and embrace everyone as an integral part of the security team. 

Technology alone can't solve all of the security issues and vulnerabilities that are prevalent today - security still requires people along with the right workflows to be effective. Unfortunately, getting security teams and the broader organization to work together isn't always easy. Challenges are inevitable, but when it comes to protecting business-critical assets, collaboration across all teams is crucial. That's why, at Cobalt, our mission is to "let security dance" – because we believe strong security syncs the movements of different individuals. 

Security is multifaceted; it takes the entire business working together to achieve a strong security posture. So, how can you get security and the broader organization to work together?

Define a long-term vision that aligns with broader business goals.
It's important for tech leaders to first understand how sales, engineering, marketing, and all other teams within a business are operating. This accelerates the ability to identify areas of opportunity to establish and improve security practices. 

Strategize with a purpose that confronts today's challenges.
It's important to point out that cybercriminals are becoming increasingly sophisticated in their tactics. As technology modernizes, the strategies companies use to remediate risk also need to modernize to keep up with emerging trends in the cybersecurity space. 

Make sure your teams are aligned.
Embedding security into every effort within an organization and creating awareness is key to building and maintaining a proactive security program. This takes consistent communication across teams to move towards protecting assets every step of the way.

"As cyber security leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture." — Britney Hommertzheim, Business Information Security Officer at Cardinal Health.

At the end of the day, any business could be at risk of a cyber attack. Especially in a remote environment where processes can be more siloed, it's important to ensure your teams are up to the challenge of fully protecting your organization by working with all teams to develop security functions further.

 

Caroline Wong

Caroline Wong is an infosec community advocate whose first foray into book writing, “Security Metrics: A Beginner’s Guide,” kickstarted a career-long obsession with knowledge sharing and industry storytelling. Today that obsession is apparent in her hosting duties for the Humans of Infosec podcast, the dozens of security conferences where she speaks each year, her LinkedIn Learning coursework, and The PtaaS Book.

When she isn’t evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity startup with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. At Cobalt, Caroline champions a cultural blend of innovation and grit while putting into practice her experience with communications, leadership, and delivering global security programs at scale.

After fleeing the toxic mimosas-in-the-morning grind of Silicon Valley in 2014, Caroline moved to a ranch in Portland, Oregon, where she now lives with her family. She has never looked back.
