It is often said that cybersecurity is a team sport. Cybersecurity functions are usually made up of multiple teams. Those teams interact with other teams within an organization. Sometimes your teams might have to form ad hoc teams to solve pressing problems, like responding to an incident. Sometimes your teams might be coordinating with groups outside your organization altogether. Teamwork is sometimes hard enough if you're working inside a cybersecurity function, aligning incentives, plans, priorities, and resources.
The basic org chart above outlines five teams. Running any of these effectively will require specific skills, personalities, and resources. Teamwork is defined in Wikipedia as "the collaborative effort of a group to achieve a common goal or to complete a task most effectively and efficiently." This definition certainly applies to the broader cybersecurity function, whose mission is likely defined in more strategic terms.
So how should security operations work with GRC? How should the IAM team work with security architecture? How do these teams work with the organization's IT or product groups? What is the interface for the organization's sales and marketing teams?
All of this encompasses teamwork in this context.
Learning how to work within a team effectively is critical. Effective teams often avoid rockstar individuals because they can become solo players and, eventually, toxic. All teams need to function well to get their work done.
This need becomes amplified in importance when you consider working across teams. A part of the security team working with sales, marketing, product, IT, or legal. These are all very different stakeholders with different levels of technical aptitude. But they're all critical stakeholders within an organization.
Cybersecurity teams need to recognize, admit, and own that they are not the most critical team in the organization. It can't be. The teams directly building and servicing the mission fill that role. Cybersecurity supports it and enables it.
The degree to which we are good or bad at teamwork depends on how much support and enablement we offer.
Even if you're a security team of one, you will be working with other people and working through other people. Finding ways to work more effectively with others will serve you, your goals, and your organization well.
As a CISO
As a CISO, you set the tone for your team on how to work well with others. If you set the tone for an abrasive security team who talks down to other teams, that will transpire across your org chart. You'll also see that if you set the tone for a welcoming, empathetic, and engaging team culture.
You reap what you sow.
The teamwork dynamics that a CISO will navigate will have to deal with include internal team dynamics and cross-team dynamics. Internally, you'll be helping the teams that report through you to work more effectively together. This is about mutual understanding, collaboration, and sharing information. Across departments, as your teams engage with others, whether legal, IT, finance, or HR, it's about how they engage. Customer service comes to mind as we empathize, seek to understand, and partner with our peers across an organization.