Investing in the people who work on a security team
I was recently featured in an article title The support security leaders need for better cloud security on CSO Online by fellow palmettoian(?) Michael Santarcangelo. I'm working with Michael on improving my writing while exploring various topics within information security. I did not realize moving to the cloud had become such a hot trend for businesses. It makes sense, though, and is probably something that will become more excepted. After thinking about it I realized I've had some exposure to moving certain IT functions to the cloud already. It makes sense for the right technology, and the technology is only getting better, so it will make sense for more and more initiatives.
As I was researching the topic one challenge began to stick out to me. Is everyone on board, specifically those in security, with moving business and IT functions to the cloud? Talking to several IT people I work with and know, I came away with a feeling of hesitation. Hesitation or not, the business is making the call to move to the cloud and doing it at an ever increasing pace. Which is why it is important for all members of a security team to have an understanding and be comfortable with technology moving to the cloud. It is happening whether we like it or not. We could say, "no" but that just means we are being the brick wall that the business will hammer through or more simply walk around or climb over. I have come around to the idea that security needs to be an enabler of the business, but security leaders needs to become an enabler of the people on the security team.
I'm seeing a lot of managers and leaders wanting to do good things, but not finding the time to invest in their people. They are slammed with meetings and projects and spending time with the members of the security team just doesn't fit into the schedule. They were hired to do a job and that's what they'll do, plus they are slammed with a long to do list too. Here's the thing, the people on the security team have wonderful ideas, they have creative ways to solve problems, but more importantly they want to help find solutions to problems the manager is facing. If there's a disconnect all that creativity and input goes to waste.
We often hear about the talent shortage within security. The easy solution is to higher more people and get better funding. The even easier solution is to invest in the people already on the security team. Are security leaders getting the best out of their people? The only way to find out is to invest in the team, not just in training but in mentorship. Sitting down with them to understand their frustrations, provide mentorship, give feedback, and more importantly enable them to be the best they can be. Santarcangelo followed up the article above with one titled The security talent shortage and your leadership opportunity. It's a slideshow format article, which makes it a quick read and it asks some questions on what leaders are doing to address the talent shortage.
Wrapping up (because this is already longer than intended), I'm seeing security teams struggle with finding and then keeping people. As it happens, I was listening to a podcast from NPR's Ted Radio Hour titled The Meaning of Work. The episode explores how we make work more meaningful. Compensation is not something that makes work more meaningful. The environment, the culture, and the challenges are what make work more meaningful. Investing in the security team will help build a better environment and culture. Enabling the security team will help create more challenging opportunities that lead to more meaningful work. More meaningful work makes for a happier security team and a happier security team accomplishes so much more than an unhappy security team.
This post first appeared on Exploring Information Security.