Creating and Supporting Cybersecurity Teams

As a security leader, one of the most vital aspects of my leadership roles has been not just dealing with the technical intricacies and cybersecurity as a product but also creating, leading and moulding highly effective teams.

We read it all the time: our cyber defences are only as strong as the people who safeguard them; hence, nurturing a motivated and dynamic cybersecurity team is crucial. It is far from easy, so here I share some strategies and methodologies I have used, to offer inspiration for transforming your existing or future team into a highly effective cybersecurity force.

First Step: Assessing the Current Team

The first step I take is to assess the current state of the team. This involves understanding individual skills, knowledge gaps, and areas of strength. A detailed skills inventory can provide an overview of where the team stands; get the team involved to input where they feel their skills are. It is important to approach this by setting expectations that this is not an examination of whether team members fit their roles, but a tool for identifying development opportunities for them.

By engaging with individual team members directly, we can understand their aspirations, career goals, and areas they are passionate about. It wouldn’t be the first time I discovered someone in a governance and compliance role whose real interest was in security engineering and who excelled when given the opportunity.

This engagement aids in fostering a culture of trust and transparency with the team. Asking the team what they are interested in is one part of the strategy. It is also essential to measure the team’s performance in real-life scenarios; this can be done through regular cyber drills and tabletop simulations. These exercises, as well as providing great experiences for the team, will identify how effectively the team responds to incidents and their decision-making abilities under pressure. This also helps to provide a view of areas in the team that need further development.

Transformation Strategy

Having assessed the team, the transformation journey can then begin. This is a gradual process and should be approached with a combination of patience, clear communication, and strong leadership.

  • Strengthening Core Skills: While it’s crucial to keep up with the latest cybersecurity trends, reinforcing core skills like network security, risk assessment, incident management, and software development security must be a priority. Customised training programmes and workshops can help bolster these areas and make sure the foundations are really understood.
  • Promoting a Culture of Continuous Learning: Cybersecurity is a fast-paced field, and complacency can lead to vulnerabilities. Encourage team members to continually upgrade their skills through certifications and courses. Seek out areas individuals are interested in and help point your team in the right direction. This culture of continuous learning keeps the team prepared for emerging threats.
  • Encouraging Specialisation: While a broad knowledge base is necessary, specialisation allows for depth. By identifying areas of interest, team members can become experts in specific domains, creating a well-rounded, robust team.
  • Fostering a Collaborative Environment: Cybersecurity isn’t a one-person job; it requires collaboration. Building a culture where everyone feels comfortable sharing ideas, discussing potential threats, and working together on solutions is vital for a highly effective team.

Inspiring and Motivating the Team

A motivated team that is passionate translates very quickly to a high-performing team. As leaders, we must be the enablers who inspire and motivate our teams to give their best. How do we do that?

  • Providing Clear Direction: Clearly communicate the team’s objectives, strategies, and the part each member plays in the grand scheme. This clarity will foster a sense of purpose and belonging.
  • Recognising and Rewarding: Acknowledge the team’s hard work and achievements. Recognition, whether in the form of praise, awards, or career progression opportunities, boosts morale and motivation.
  • Empowering Team Members: Empower your team members with the authority to make decisions. This empowerment not only speeds up processes but also builds confidence and accountability.
  • Leading by Example: Last but not least, exhibit the qualities you wish to see in your team. Show dedication, continuous learning, and a high ethical standard.

Consider Ways of Working: Introducing Agile Working Methods

Does agile work with cyber security? I have been told so many times it doesn’t. Maybe not for day-to-day operations, but it does for delivery into those teams and building new capabilities. I have seen and run agile delivery projects into cyber security functions really well; agile can work in putting in place the capabilities that teams need to function well.

When I was asked to join a large organisation and lead product ownership for security, the team were at the beginning of learning how to adopt the Agile methodology. Agile, being iterative and flexible, allowed for a more responsive approach to emerging cyber threats. The focus on collaboration, continuous improvement, and customer satisfaction offered by Agile aligned perfectly with our team objectives and what senior leadership were crying out for.

We began with Agile training sessions to familiarise the team with this new way of working. This was done in a fun and really engaging way; “how to make toast” was one example which showed how we all think differently about a simple process. We introduced Agile concepts such as Scrum meetings, Kanban boards, and sprints to the team. Subsequently, we started implementing these in our day-to-day operations. For example, we held daily stand-ups to discuss progress and any blockers each morning, and we used sprints to deliver security improvements which were visible to senior leadership. This approach created a more collaborative, responsive environment and provided a clear structure to the team’s work.

Deep Knowledge: Reorganising into Specialist Areas

As the team grew, it was clear we needed to create more focus and enable deeper knowledge development. When looking at this, I developed a strategy to create three specialist team areas: Endpoint Protection, Identity Access Management (IAM), and Operations. Each group was made responsible for its domain, fostering a sense of ownership and accountability.

  • Endpoint Protection: This team was responsible for securing all endpoint devices within the company. Their tasks ranged from securing workstations and mobile devices to implementing robust antivirus and anti-malware solutions.
  • Identity Access Management (IAM): This group focused on ensuring the right individuals had access to the appropriate resources at the right times for the right reasons. They developed and managed tools and policies related to identity verification, access controls, and privilege management.
  • Security Operations: This team oversaw the day-to-day cybersecurity activities. Their duties included developing the monitoring solutions for security systems and putting in solutions to help the group security operations teams respond quickly to security incidents.

The transformation very quickly resulted in highly effective, agile cybersecurity teams. Each specialist team was able to delve deep into their respective areas, developing robust security measures and responding swiftly to support incidents. The agile approach ensured a constant cycle of improvement, with lessons from each sprint informing the next.

Importantly, this reorganisation and new way of working increased our visibility to the C-level leadership. Regular reports, including delivery demonstrations in sprint reviews, were provided to the group CISO, showcasing the team’s progress, achievements, and areas of improvement. The transparency and constant communication demonstrated our team’s value and the critical role we played in safeguarding the organisation’s digital assets.

Recruiting for the highly effective cybersecurity team

If you are at the beginning of recruiting and building a world-class team, the following characteristics are areas which have helped me over the years to build teams that work well and are engaged:

  • Diverse Skillset: A highly effective cyber team has a wide range of skills and expertise, covering various aspects of cybersecurity such as risk assessment, incident response, network security, and application security. This diversity allows the team to address a comprehensive range of cyber threats.
  • Specialisation: While a broad knowledge base is necessary, having team members specialise in specific domains (e.g., endpoint protection, identity access management, or threat intelligence) enables depth and creates a well-rounded, robust team.
  • Continuous Learning: The rapidly evolving threat landscape necessitates that the team stays up-to-date with the latest trends, technologies, and techniques. A commitment to continuous learning and professional development ensures the team remains prepared for emerging threats.
  • Collaborative Culture: Effective collaboration and open communication are essential in cybersecurity, as it is a field where knowledge sharing and teamwork are crucial for success. Fostering a culture that encourages the exchange of ideas and mutual support contributes to the team’s overall effectiveness.
  • Agile Methodology: Implementing agile working methods, such as Scrum or Kanban, allows the team to be more responsive to emerging threats, adapt quickly, and deliver security improvements iteratively.
  • Clear Goals and Objectives: A highly effective cyber team has well-defined goals and objectives aligned with the organisation’s broader strategy. This clarity of purpose helps team members understand their roles and how their work contributes to the overall mission. One method that helps here is having a clear roadmap of where the team is heading over the next 6 to 12 months: what areas we are tackling, what risks we are addressing, and how each team member’s learning and experience help get there.
  • Strong Leadership: Effective leadership is vital in guiding, motivating, and supporting the team. A leader who leads by example, encourages professional growth, and fosters a culture of trust and empowerment contributes significantly to the team’s success.
  • Proactive Approach: A successful cyber team doesn’t just react to threats but proactively identifies and mitigates potential vulnerabilities. By implementing threat intelligence, regular audits, and penetration testing, the team can stay ahead of potential risks.
  • Incident Response Preparedness: A highly effective cyber team is well-prepared to respond to security incidents. They have a robust incident response plan in place, regularly conduct simulations and drills, and have a clear understanding of their roles and responsibilities during a crisis.
  • Metrics and Accountability: Measuring the team’s performance against defined metrics enables continuous improvement and accountability. Regularly reviewing key performance indicators (KPIs) helps identify areas of success and those needing further development.

I will dive into more details on some of these areas over the coming weeks, but in conclusion, the introduction of Agile methodologies and the reorganisation into specialist areas transformed the team. They became three dynamic, highly focused teams that could respond swiftly and effectively to cyber threats, continually improve, and demonstrate real value to the highest level of the company.

Building a really great cybersecurity team is an ongoing process. It requires assessing the current state, strategic transformation, and constant motivation. However, with the right approach and the right leadership, it is possible to cultivate a team that’s not just effective, but also resilient, adaptable, and prepared for the cybersecurity challenges of tomorrow.