Cyber security professionals stacking their hands in together for teamwork

Teamwork

It is often said that cybersecurity is a team sport. Cybersecurity functions are usually made up of multiple teams. Those teams interact with other teams within an organization. Sometimes your teams might have to form ad hoc teams to solve pressing problems, like responding to an incident. Sometimes your teams might be coordinating with groups outside your organization altogether. Teamwork is sometimes hard enough if you're working inside a cybersecurity function, aligning incentives, plans, priorities, and resources.

A basic org chart for a cybersecurity function

The basic org chart above outlines five teams. Running any of these effectively will require specific skills, personalities, and resources. Teamwork is defined in Wikipedia as "the collaborative effort of a group to achieve a common goal or to complete a task most effectively and efficiently." This definition certainly applies to the broader cybersecurity function, whose mission is likely defined in more strategic terms.

So how should security operations work with GRC? How should the IAM team work with security architecture? How do these teams work with the organization's IT or product groups? What is the interface for the organization's sales and marketing teams?

All of this encompasses teamwork in this context.

Purpose

Learning how to work within a team effectively is critical. Effective teams often avoid rockstar individuals because they can become solo players and, eventually, toxic. All teams need to function well to get their work done.

This need becomes amplified in importance when you consider working across teams. A part of the security team working with sales, marketing, product, IT, or legal. These are all very different stakeholders with different levels of technical aptitude. But they're all critical stakeholders within an organization.

Cybersecurity teams need to recognize, admit, and own that they are not the most critical team in the organization. It can't be. The teams directly building and servicing the mission fill that role. Cybersecurity supports it and enables it.

The degree to which we are good or bad at teamwork depends on how much support and enablement we offer.

Growth Resources

The Five Dysfunctions of a Team: A Leadership Fable, 20th Anniversary Edition (J-B Lencioni Series Book 43) (English Edition)
Shared via Kindle. Description: The New York Times best-selling team leadership handbook for modern executives, managers, and organizations After her first two weeks observing the problems at DecisionTech, Kathryn Petersen, its new CEO, had more than a few ...
Team Topologies: Organizing Business and Technology Teams for Fast Flow (English Edition)
Shared via Kindle. Description: In Team Topologies DevOps consultants Matthew Skelton and Manuel Pais share secrets of successful team patterns and interactions to help readers choose and evolve the right team patterns for their organization, making sure to...
How to turn a group of strangers into a team
Business school professor Amy Edmondson studies “teaming,” where people come together quickly (and often temporarily) to solve new, urgent or unusual problems. Recalling stories of teamwork on the fly, such as the incredible rescue of 33 miners trapped half a mile underground in Chile in 2010, Edmon…
TED TalksAmy Edmondson

In Practice

Even if you're a security team of one, you will be working with other people and working through other people. Finding ways to work more effectively with others will serve you, your goals, and your organization well.

As a CISO

As a CISO, you set the tone for your team on how to work well with others. If you set the tone for an abrasive security team who talks down to other teams, that will transpire across your org chart. You'll also see that if you set the tone for a welcoming, empathetic, and engaging team culture.

You reap what you sow.

The teamwork dynamics that a CISO will navigate will have to deal with include internal team dynamics and cross-team dynamics. Internally, you'll be helping the teams that report through you to work more effectively together. This is about mutual understanding, collaboration, and sharing information. Across departments, as your teams engage with others, whether legal, IT, finance, or HR, it's about how they engage. Customer service comes to mind as we empathize, seek to understand, and partner with our peers across an organization.