Building a Healthy Cybersecurity Culture


This is a guest post from our friend Caroline Wong, Chief Strategy Officer at Cobalt.io.

Every company has a workplace culture and a security culture. Many people would define the former as "flexible PTO and cold brew on tap" (which, of course, is a gross oversimplification) – but might struggle a bit to explain the latter. My role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity startup that provides pentest as a service (PtaaS), provides me with a unique perspective with line of sight into both sides of the culture coin. Trust me, infosec teams don't have it easy.  

Good cybersecurity combines people, processes, and technology for optimal results. In my experience, it starts with people — the most effective cybersecurity teams foster a culture of collaboration. Many organizations are shifting from DevOps to DevSecOps to bridge the gap between development, security, and operations and embrace everyone as an integral part of the security team. 

Technology alone can't solve all of the security issues and vulnerabilities that are prevalent today; security still requires people along with the right workflows to be effective. Unfortunately, getting security teams and the broader organization to work together isn't always easy. Challenges are inevitable, but when it comes to protecting business-critical assets, collaboration across all teams is crucial. That's why, at Cobalt, our mission is to "let security dance" – because we believe strong security syncs the movements of different individuals.

Security is multifaceted — it takes the help of the entire business working together to achieve a strong security posture. So, how can you get security and the broader organization to work together?

Define a long-term vision that aligns with broader business goals.
It's important for tech leaders to first understand how sales, engineering, marketing, and all other teams within a business are operating. This accelerates the ability to identify areas of opportunity to establish and improve security practices. 

Strategize with a purpose that confronts today's challenges.
It's important to point out that cybercriminals are becoming increasingly sophisticated in their tactics. As technology modernizes, the strategies companies use to remediate risk also need to modernize to keep up with emerging trends in the cybersecurity space. 

Make sure your teams are aligned.
Embedding security into every effort within an organization and creating awareness is key to building and maintaining a proactive security program. This takes consistent communication across teams to move towards protecting assets every step of the way.

"As cyber security leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture." — Britney Hommertzheim, Business Information Security Officer at Cardinal Health.

At the end of the day, any business could be at risk of a cyber attack. Especially in a remote environment where processes can be more siloed, it's important to ensure your teams are up to the challenge of fully protecting your organization by working with all teams to develop security functions further.

 

Caroline Wong

Caroline Wong is an infosec community advocate whose first foray into book writing, “Security Metrics: A Beginner’s Guide,” kickstarted a career-long obsession with knowledge sharing and industry storytelling. Today that obsession is apparent in her hosting duties for the Humans of Infosec podcast, the dozens of security conferences where she speaks each year, her LinkedIn Learning coursework, and The PtaaS Book.

When she isn’t evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity startup with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. At Cobalt, Caroline champions a cultural blend of innovation and grit while putting into practice her experience with communications, leadership, and delivering global security programs at scale.

After fleeing the toxic mimosas-in-the-morning grind of Silicon Valley in 2014, Caroline moved to a ranch in Portland, Oregon, where she now lives with her family. She has never looked back.
