While I’ve heard many “I’m just not technical” comments, I’ve also been in meetings scheduled for one hour that ran into two because the CEO wanted to understand the results of a penetration test and asked questions that we spent time talking through along with the CIO and IT leadership. It was a healthy, valuable conversation, and it resulted in an actionable plan that quickly improved the cyber security posture of the organization.
As more and more organizations are starting to take this approach, I’d like to offer a few points to think about that I’ve seen stifle the process if not considered.
Pride of Ownership
This can be a touchy subject. The average IT department staff not only invests a lot of time and effort into the systems and platforms they manage, but they also take pride in their work. In some cases, so much so that it’s not uncommon to hear a network administrator or engineer refer to their company’s infrastructure as “my server” or “my firewall”. So, when these systems suddenly come under internal review, or when a third party is brought in to test systems unannounced with very little discussion around the “why”, a certain level of fear and frustration can naturally begin to impede the success of the overall project.
Start with Why
When there is open communication around the “why” and the goals of such a project, the mindset can go from “my job is in jeopardy” to “we’re getting some reinforcements to help mature our posture.” This change in mindset can be a huge asset to your organization. Therefore, the C-Suite should focus on communicating the “why” in order to strengthen the value of their cyber security strategy.
An exception would be an organization that has established a cyber program mature enough to need an unannounced approach, one that tests the team’s response to malicious operations being carried out against the organization. Organizations that participate in these exercises regularly can grow accustomed to this type of testing and, in most cases, welcome the improved cyber security posture and learning opportunities that testing and partnerships provide.
This type of healthy environment is driven from the C-Suite, as they have the ability to set the tone for how things such as pride of ownership are addressed with IT staff. Allowing your organization to see the bigger picture can help make for not only a more engaged team but also a stronger, more resilient cyber security posture for your organization.
» Brad Pierce is the Director of Network Security for HORNE Cyber where he focuses on leading advanced penetration testing teams. Brad has more than 15 years of experience in network deployment, management, support, and information security.