The CISO and security team have to connect and collaborate with all key personnel and teams using internet-facing assets every day in order to manage the security program. Successful team collaboration is crucial to building and managing nearly every aspect of cybersecurity.
In Cloud Security Reinvented – Orca’s regular podcast with host Andy Ellis, Advisory CISO – enterprise security leaders share insights and experiences as they’ve managed security through the massive shift to the cloud, and what the future holds for cloud security.
Read on for the 5 collaboration tips they shared on Cloud Security Reinvented.
5. Learn your business and business partners
When thinking about how to manage a cybersecurity program, Roland Cloutier, the Global CSO at TikTok (episode #18) explains the importance for CISOs to understand one’s business and internal and external partners. “How do we imagine a product, how do we develop it, and how do we market it? How do we build it? How do we sell it, deliver it, monetize it, and how do we service it? And how do you do it all over again?”
Justin Somaini, CSO at Unity Technologies, (episode #14) also mentioned this insight: ”I spent a fair amount of time later on in my career learning what marketing is. What does the sales team do? How does it work — the funnel? Those things enabled me to learn what’s going on in the organization where I work. The more you know about those processes, the better you are able to communicate, influence, and drive alignment and execute.”
4. Develop social skills
Everyone will focus on growing professionally, but sometimes it is more challenging to develop high-quality social skills than technical ones. A piece of advice Andy Steingruebl, CSO at Pinterest, (episode #17) gives to others is to develop healthy working relationships with teammates. ”As you try to move upwards in your career, it’s not just the technical, because pretty soon you will outgrow the problems you can solve all by yourself. And once you outgrow problems you can solve by yourself, you need to collaborate with others and how well you can do that is important.”
3. Build trust with people
Dan Walsh, the CISO at VillageMD, notes how trust is required to build relationships in security (episode #7): “Cecelia, my first manager at UnitedHealth Group, taught me how to be direct. I remember when I first started with her, she would say, ‘You have to have coins in the bank with me,’ meaning, ‘You have to earn my trust.’ And so that was a huge lesson — to build trust with people. Because that’s what security is all about.”
“Everybody comes to the table with different perspectives,” says Nick Vigier, CISO and the owner of Rising Tide Security (episode #13). Nick shares facts on risk management with stakeholders: “And as long as I can give them the facts and help them understand the risk that they’re taking, it’s neither right nor wrong; it’s just different.”
Morey Haber, the Chief Security Officer at BeyondTrust, (episode #9) explains the importance of listening in relationship building: “Listen. You’re in a conversation to process information and formulate an opinion, but your opinion right up front is not necessarily the right answer. It is so important to be able to not talk but listen and not respond, just so you can respond.”
2. Demonstrate empathy
On leading as a CISO, Ryan (episode #8) notes his approach: “It’s important that CISOs understand their strengths and weaknesses, surround themselves with the right team, and empower others in the organization to take security responsibly and seriously for themselves. They need to be transparent, approachable, and business-focused.”
Ryan elaborates: “You need to demonstrate empathy for others because if you’re coming to them, you’re likely asking them to do something. So, you’ve got to be able to demonstrate that empathy.”
One of Justin (episode #14) top secrets is simple: ”Don’t be afraid to pick up the phone and call other people in the company to have coffee and learn what they do.”
1. Get to know your team
Renee Guttmann, a cybersecurity leader who has led security programs at Coca-Cola, Time Warner, Royal Caribbean, Campbell, and Capital One, (episode #11), believes focusing on the teams around the CISO is extremely important. “You’ve got to start with who they are before they care about what you’re doing and why you’re there. You don’t want to be seen as the cop. You actually want to create a persona that people will feel comfortable coming to… when the garbage cans are on fire, before the building burns down.” In order to do that, Renee says, “You have got to put yourself out there in a way that people get comfortable with you, and they want to be in the same room as you.”
Catch up on Cloud Security Reinvented
Want to catch up on this past season? Bookmark the Cloud Securing Reinvented podcast for on-demand access, and subscribe on your favorite streaming platforms: Spotify, Apple Podcast, Google Podcast. More shows are on the way – so stay tuned!
With Orca Security, you can free up your teams with a better way to manage cloud security risks, including prioritized alerts, attack path analysis, vulnerability management, cloud compliance, shift left security, and more. See how Orca provides 100% visibility of your cloud environment in minutes with a free 30-day trial and cloud risk assessment.