- Why do we operate the way we do?
- Are our behaviors appropriate within our marketplace?
- Does our business support the right type of cyber behavior?
These questions are at the heart of any role in the cyber security space and given the amount of press about the way that tech firms are conducting their business, these considerations are quickly moving up the corporate priority list in all sectors.
This is not just because CIOs want positive press reports. When you have a best-in-class cyber security function and a naturally compliant workforce, it can act as a powerful sales tool and can be an overall catalyst for business growth.
Cyber security is not just about managing threats – it is about enabling and promoting business growth.
When you have cyber security involved in the architectural design – process and technology, you build a product that is more than fit for purpose. You build a product with longevity built in. When you have cyber security offering value across the front end, the resultant development will be more robust.
Cyber security is no longer about dotting the I’s and crossing the T’s – when it adopts an internal and service-led agenda, its value increases far beyond its original scope of keeping a business “safe” from external threats.
I do a lot of recruitment work in this area and I can say that when a CIO comes to me to discuss the brief, the conversation is more often than not about enablement than prevention.
Then the challenge is to find the right people who have not only the technical skillset but also the service mentality to go beyond what has traditionally been expected of them.
This is not easy as there are not a whole lot of people like that out there. Yet.
One of the keys to finding such people is to look at the cultures of their previous employers. You can only work within the parameters that you are given and if a working culture is overly restrictive, then it is unlikely that information security function will be pushing the corporate envelope too much.
A second consideration is to assess the personal approach of each individual to their work. A proactive service-led attitude is crucial, and if someone has an attitude of “how do we?” rather than “why should we?” it is clear that they are a potential fit.
Sometimes you have to make judgement calls, over the past year I have been involved in the recruitment of entire cyber security teams from the top down because my clients believe I understand how these requirements fit and interact together, rather than just the scope of the role itself.
As the saying goes, it isn’t rocket science.
In a technology setting, “how we behave” is intimately linked to internal ethical and compliance considerations – if those considerations are driven by enabling business growth rather than limiting risk, the business will be far more customer-centric.
The sales team is not the only one to impact the bottom line.