If you want to defeat the cyber baddies you’ve got to have the right people on your squad
“No man is an island” said John Donne and the same is true of anyone leading or working in the cybersecurity team. To successfully implement and maintain a cybersecurity infrastructure that keeps people, data and assets safe you need to surround yourself with a team that together, is greater than the sum of its parts.
This person is the brains behind the operation. The place where the cyber buck stops. They are responsible for creating the overarching strategy, identifying upcoming needs and making sure the systems in place are always one step ahead, if not more than one step behind, of the ever evolving threat landscape.
Typical job title: CISO, Head of IT
Not much in this world is free so you’ll need someone with the funds to pay for your project. Even if you’re lucky enough to have your own budget you may still need the sign off and buy in from others to go ahead and spend it. Building a business case that illustrates the financial cost beyond the cost of the software — e.g. what’s the average cost of a phishing attack? — is often the most effective way to get Uncle Scrooge on board.
Typical job title: CFO, Procurement Director
If there’s something strange in your neighbourhood, who you gonna call?
Now the Ghostbusters might not deal with Gremlins in the system (not to confuse too many classic 80’s films) but you definitely need to know people who can. The world of cyber is a wide and often esoteric one and it’s unreasonable to expect someone to know everything — in fact a little knowledge can be a dangerous thing! Whether it’s your existing suppliers, or a specialist consultancy make sure you know who to call when you want to tackle a tricky job.
Typical job title: Often an external consultant with in-depth subject knowledge
You need to get people onboard and behind your project to make it a success. Problem is cyber is full of acronyms and technical detail often rendering it a tad ahem dull for stakeholders around the business. To make sure you’re delivering a solution that works for the business you need to translate your aims and outcomes into terms that make sense for them. So if you’re implementing DMARC, talk to marketing about boosting the success of their email campaigns, not about email authentication protocols.
Typical job title: Some one with a product marketing background will be well versed in how to “translate” technical use cases into end-user stories.
Finally with the strategy, finance, expertise and marketing in place it’s time to make stuff happen! The fixer is someone who will manage the project and ensures it is rolled out in a way that not only delivers value for the stakeholders but comes in on time and on budget. No easy job in the complex world of cyber security.
Typical job title: IT Manager
So good luck assembling your cybersecurity squad! Let me know if there’s someone I’ve left off the team by leaving a comment or dropping me a note @getondmarc.