Teamwork makes the dream work
I had a chance to sit down, virtually of course, with Yaron Levi & Allan Alford to talk about making the team work to make the dream work for cybersecurity teams and the vendors they rely on.
Prologue
Yaron and Allan are both conversational podcasters - and while we were in the holding area before going live with our discussion, I learnt quite a bit about the overall effort that goes into "dropping" a 30 minute podcast - a whopping 30 hours!
So how do they do it? The answer maybe obvious to many but it is worth stating - teamwork. They've both built an ecosystem of virtual team members - some content SMEs and some technical SMEs to produce this fantastic content they "drop" so regularly.
Needless to say they employ the same set of tactics to being successful CISOs.
The Show
Here is the full show: CyberSecurity: A team sport.
We weaved through many connected topics around building successful vendor alliances, shared responsibility as an operating model, how to build vendor-security-development alliances for AppSec and more.
Epilogue
At the cost of sounding redundant, the basic building block for teamwork is mutual trust between the security team & the vendor community. A seemingly basic tactic to build that mutual trust is consistency. Consistent behavior over time on the part of each stakeholder creates mutual trust.
The vendor consistently chooses to map customer needs to vendor capabilities and the security team consistently seeks to bridge the gap between business, risk and technology.
Since we all love alliterations, we summarized our discussion with the 3Cs to practice once mutual trust is established:
Curiosity: Ask questions. Our circumstances and operating environments are complex, interconnected and ever-changing and the only way to make progress is to ask questions.
Collective Knowledge: Leverage the collective knowledge of the community. Your community includes your vendors. Use the vendors as your specialized search engine to gain the knowledge you need.
Circle of Competence: The final piece of the puzzle is knowing what the boundaries of our circle of competence are - both individually and collectively as an organization. Having a clear understanding of stuff that you are good at and stuff you'd rather find a partner for is the first step in building a dream-team.
You gotta get a team to work for the dream to work.
