Adaptability is a person's ability to be flexible and adjust to the changing circumstances in their environment. Information Technology and cybersecurity are constantly evolving, which makes your ability to adapt to those changes extremely important. There is an endless litany of changing priorities, projects, customers and technologies that require you to be adaptable. You also need to be able to adapt your communication style to your listener. Are you talking tech with your team, or do you need to take it up a level and streamline the conversation for the non-techie crowd? All this plays into your adaptability.
Some things to think about when working on your adaptability are:
- Embrace different ways of thinking
- Leave your ego at the door
- Commit to personal development
- Push yourself out of your comfort zone
Presenting an adaptable cybersecurity team can open the door to many conversations that may otherwise be met with resistance. It can show people both within and outside your team that the goal is to enable their work in a secure way, not keep them from their goals. You can show how adaptable you are in situations such as:
- Explaining complex technical topics in an easy-to-understand way
- Taking time to understand how the business process that you're trying to secure works
- Talking the technical talk and walking the technical walk with your team
- Changing or eliminating policies and procedures that are limiting business outcomes
Threats, technologies, politics, culture, and business are all rapidly changing around us. Adaptability is crucial not only to stay ahead of cybersecurity threats but also to respond to the organizational culture we work in to keep pushing cybersecurity towards an enablement posture. Adaptability then means many things:
- Learning and applying new technologies, attack methods, and industry regulations
- Understanding new strategic directions and mapping that to cybersecurity
- Evolving the cybersecurity culture to keep it aligned with the broader organizational culture and needs of the team members that are a part of it
Adaptability, like many of our other core skills, is present in all roles.
As a CISO
The CISO sets the strategic direction for the cybersecurity team. That strategy should be informed in part by what’s happening in technology, what’s forecasted to happen in the near future, what the organization’s needs and goals are, and what resources the team has available to it. These constituent elements are always changing and a CISO cannot get stuck in a headspace of rigidity that doesn’t give space for plans to change.
Resources are another source of constant change that CISOs need to adapt to. Budgets grow and shrink, team members leave, new headcount is approved or layoffs happen, and vendor partners may make significant changes to their offerings or their pricing. Your input informs your outputs.
Tactical priorities can also be quite fluid. For example, as a security lead in a startup or small organization, you may find yourself being pulled into lots of business development activities that take time away from your project work: responding to third-party security questionnaires, jumping on sales calls, or supporting the onslaught of product development and the possible security implications of any given change being made.
As a Pentester
Penetration testing, like any technical role in cybersecurity, is always adapting, with new tools, testing techniques, industry regulations to consider, and technologies to test. Penetration testers need to balance repeatable process and adaptive creativity to maximize value while still creating a relatively predictable result for the customer receiving the test.
Customers’ needs will also change from engagement to engagement. Needs may even change in the middle of a test. Write things up this way. Test that thing over there. This feature just got an update. Can we test that again really quickly? These are all requests that may get fielded mid-test, and while process matters, remaining somewhat fluid to meet these requests (within reason, of course) can yield a much better experience for the customer.