Why Teams Fail: Building Resilience into your Security Program and Culture


By Steve Moore.

We focus on resiliency in this week’s episode of The New CISO, which was originally recorded at the 2021 RSA Conference. Steve sits down with two former guests on the show, Dave Damato and Sandro Bucchianeri, to talk about the hard-hitting questions from the inside: why do people fail, and what impact does resilience have on program success?

Thinking About Resilience

As Steve mentions, there is a lack of definition for what is “good” within the cybersecurity realm. So how do we think about resilience and failure when there is no solid definition for what “good” is? And how can we establish resilience for our team members? Setting expectations through frameworks suited to your industry, and defining success and capabilities for the team, are crucial. However, leaders must also stop and acknowledge that their team members are not robots; they are individuals with challenges that all play a massive part in how they show up every day.

Feedback and Executive Decisions

If employees are scared to speak out when something is wrong within an organization, leaders are basing their decisions on an echo chamber of positive feedback. Feedback is critical when it comes to correcting any errors or putting out fires, especially in a larger organization with a bigger staff. Showing that you can take criticism and feedback will allow team members to communicate in a more confident way, in turn creating a better work culture. When it comes to operating with other executives, CISOs often feel like they aren’t as established in the corporate landscape as other roles. CISOs need to shift their focus onto how they can have an impact on the business and the top-level goals of the organization, which could mean weighing in on company-wide issues such as pay rates, benefits, the hiring process, etc.

Managing Expectations

Expectations start as soon as the interview process does. Where do leaders mess up, and how can we fix it? The biggest challenge within security is that there aren’t enough staff and/or resources, so managing the resources in place and setting expectations is key. It’s important to make sure your team isn’t constantly putting out fires. Evaluate when/if you need to hire a new person or bring in a consultant to solve some issues.

Hiring For Resilience

Is it actually possible to gauge someone’s resilience during an interview? What traits should you be looking for during that initial conversation to see if they would be a good fit on your team? Dave and Sandro share their secrets on what exactly they ask and what exactly they are looking for in a candidate to continue to drive that theme of team resilience.


Exabeam Podcasts

Dave Damato - Twitter

Sandro Bucchianeri - LinkedIn
