Rick Grinnell

This Valentine’s Day, it’s time to show some love to your security teams

Feb 14, 2022
CSO and CISOSecurityStaff Management

Building long-lasting loyalty with your security teams is more challenging than ever; here’s how to respond.

When Valentine’s Day rolls around, we often think to shower gifts and attention on the romantic partner in our life or on our families. But, maybe this Valentine’s Day, it is time to show some extra love to your security teams. 

Building long-lasting loyalty with your security teams today is not a straightforward task, and it has gotten even more difficult with remote work in place. 

As a CIO/CISO, you have faced open source software attacks, phishing campaigns, email hacks – calamity after calamity – and yet the biggest problem is that your organization’s defense is dependent on the quality of your security team. Despite buying best-of-breed products to detect and respond to emerging threats, talented people are the key to providing optimal protection.

Today, one of the biggest challenges for CIOs/CISOs is ensuring you can hire and retain the right people in this tenuous climate. With remote and hybrid work placing additional stresses on employees, company loyalty comes at a premium.  CIOs/CISOs need to revisit hiring and recruiting, building team knowledge, and developing continuous training. It also means implementing frontier technology that will help alleviate mundane tasks, level up your ability to respond to threats, and provide employees with the ability to work on rewarding tasks.

Challenge of remote hires 

As work from home has become the norm, many organizations have jumped at the chance to hire remote workers. There are good reasons for this. It means companies can hire highly talented people, in perhaps less competitive, less expensive markets. Companies can locate superstar talent from anywhere, and the additional pool of people from which to choose has been broadened. 

People that were hired during COVID-19, however, likely never formed the same in-person emotional connections with a company. They didn’t have the same opportunity to build relationships and connections to their team and the broader organization. For many, the work was/is just a job to do remotely. And without a personal connection with decision makers and influencers within the company, these workers never get to connect in the personalized ways we’ve known before. That’s a hard barrier for CIOs/CISOs to overcome.

Dealing with the brain drain

When it comes to hackers and attackers, presumably there isn’t a great deal of churn within crime syndicates.  The best state-sponsored criminal minds aren’t thinking about jumping ship to go work for another organization. But there is a great deal of churn among security workers.  We have all heard a similar story – you build the expertise in a superstar security employee, and then that star employee gets a shiny new opportunity and chooses to leave. MAANG and others are out there, enticing your best people with top dollar. 

The high churn rate in our industry was recently exemplified over the recent 2021 holiday weeks when the Log4J crisis was occurring. Some security professionals who were faced with dealing with the crisis during the holidays gave their resignations so as not to disrupt their previously scheduled family time. They knew they could have their pick of jobs just the other side of Jan. 1. What happens to the expertise, that built-up knowledge base? How do you keep the expertise engaged, so that employee doesn’t leave? 

Building a loyal (remote) culture

To build loyalty and an attentive and engaged culture with remote employees, it is more important than ever to place a greater emphasis on how you communicate with your people, and to invest in technology and training that enables them to do their job better. It is critical that they feel empowered and have confidence that they can do their jobs well, and that they are an integral part of the company’s success.

  1. Communicate – As the CIO/CISO, you need to manage not only people, but expectations, aspirations and innovations.  Frequent interaction, relevant information sharing, and Zooms/calls fit the bill. It’s important to recognize apathy or burnout, and to build in incentives to keep both individuals and the team motivated.
  1. Use AI and frontier tech – Supplement your team’s knowledge base with AI model systems that detect attacks, threats, and vulnerabilities. Given how quickly threat models are changing and evolving, the industry needs products that put best practices, configurations, and choice of response tactics into the hands of security teams more quickly. 
  1. Invest in training – Invest in your employees in the beginning and in a continuous fashion. Make relationships with industry insiders and have your employees learn from the best. It’s about sharing best practices. Let’s stop pretending we can solve these problems on our own. Pass this knowledge onto your team and help them get prepared for always-evolving new threats.

Opportunity for startups to fill the knowledge gap

While this article focuses on CIOs and CISOs, there is also a huge opportunity for startups to develop the kind of dashboard that would fill the knowledge gap that results when team members leave a company. Why is security software so complicated? Can we not get an easy-to-use, consumer-like friendly dashboard (think TurboTax) to better detect, track and respond to security issues, while building a more solid knowledge base? I would like to see real-time analytics with a sophisticated back end presented in a simple interface. This would allow complex issues to be presented in such a way that a less trained person could understand and make decisions from the information. 

This Valentine’s Day spread some love with your security team. Invest in them and encourage and enable your remote teams to become more fully integrated. Going the extra mile goes a long way when it comes to fostering loyalty in tough times, which will ultimately go towards building a stronger defense for your organization.