Developing a high-performing cyber security team: a values-based approach

I previously wrote about building security culture in the organisation. In this blog, I look at the security team itself and share some tips for CISOs to develop a culture of performance for their teams.

As a new CISO in an organisation, you will often inherit a team. Although they might technically report to you, winning their hearts and minds should be one of your early priorities in order to be effective. Building on your positional power to influence your team is therefore key to making a positive impact on the company and customers.

Dedicate quality time to listen and understand your team members’ views and learn more about them as individuals. This will build trust and set you up well over the long term, even if you may initially feel that this time could have been used to get some urgent tasks over the line.

For example, an ‘environment scan’ to understand the context may reveal some improvement opportunities: there might be no clear mission or goals, a lack of engagement and clarity on roles due to multiple recent reorganisations, or constant ‘firefighting’ while struggling to plan and resource important work. In that case, setting a clear direction should be one of your first objectives. I suggest making values an integral part of this direction and defining success not just by results but also by the way they are obtained.

I recommend starting with alignment on company values because I believe it is important to set a direction that is ethical and responsible. Try organising a meeting and asking your team members to share their own values, describe how these relate to company values and provide examples of how they act in line with them in their day jobs.

For example, you can start the meeting by encouraging every participant to select five values that they feel strongly about from a list of values you can find on the internet, or to add their own. Reflect as a team on what these values mean to you, the priority order and similarities among you. Then facilitate a discussion on how your individual values integrate with the company values and what this means in your jobs.

Based on the workshop insights, collaboratively develop a ‘team deal’ – a set of principles and values that guide your team’s culture and ways of working. Below are some of my favourite examples:

  • We act with integrity
  • We take accountability and deliver outcomes
  • We deliver on our commitments
  • We improve security posture by driving remediation of security issues
  • We look for ways to improve our security processes
  • We are proactive and solution-oriented
  • We collaborate with people to help do things in a secure way
  • We showcase our security and privacy posture to our partners and customers
  • We engage with respect and transparency

Feel free to add your ideas in the comments or reach out to me directly if you’d like to have a chat.

