Episode 4: Managing a Security Team
Overview
Free the CISO, a podcast series that attempts to free CISOs from their shackles so they can focus on securing their organization, is produced by CIO.com in partnership with DataBee®, from Comcast Technology Solutions.
In each episode, Robin Das, Executive Director at Comcast under the DataBee team, explores the CISO’s role through the position’s relationship with other security stakeholders, from regulators and the Board of Directors to internal personnel and outside vendors.
Episode 4 focuses on the CISO’s security organization and how to keep security talents motivated and engaged. In this episode, Das is joined by:
- Swathi Joshi, VP, SaaS Cloud Security at Oracle and Vice Chair Board of Directors for Forte Group
- Tyler Warren, Deputy Information Security Officer at Prologis
Together, the group discusses strategies for motivating the critical personnel who actually protect the network and environment. They also consider two cyber-specific challenges for CISOs across all industries: 1) How to manage IT teams that possess such in-depth, technical cybersecurity knowledge; and 2) How to address the well-documented gap in qualified cybersecurity talent.
When it comes to motivation, Joshi believes that environment is everything. “That includes company culture … and do they have a supportive manager? Is the company’s strategy and vision clear? … At the end of the day, is this person set up to succeed?”
This is important because of the niche expertise found within an effective security team. A CISO can’t possibly master every concept; that requires a diverse team with complementary skillsets. However, according to Joshi, CISOs must build credibility, both as experts and as leaders, to bring out the best in their personnel.
“Oftentimes, when it comes to an organization’s security, the narrative is that humans are like the weakest link,” Joshi says. “I push back on that because, when an incident happens, it’s humans who are going to help us get through that incident. Humans are not the weakest link. They are our strongest asset—so long as they’re motivated.”
According to Warren, that’s not the only mindset that needs to change. “Back in the day, we were known as the Department of No. We felt like we had to say ‘no,’ because when you said ‘no,’ that meant we were secure. … But nowadays, we really have to be the Department of Enablement.”
The key, Warren continues, is bringing in more stakeholders sooner so that everyone has a seat at the table during big decisions. The goal? Developing relationships that improve security while advancing the business.
“If you develop your policies right and you have the right visibility and the right people, you become a partner to those IT people and the business,” Warren says. “So people no longer want to leave you out of a meeting because they think, well, Tyler is just going to say no. Or he's going to add six months onto this because he wants this and this and this.”
But getting to that point is more complicated than simply flipping a switch—or typing a line of code.
Listen to the full episode to hear all their insights, better navigate the role of CISO, and deliver real value for your enterprise.
Don't miss Episode 5: Appraising and leveraging vendors
To learn more about DataBee and the DataBee Hive™ security data fabric platform, visit their website or follow along on LinkedIn.
More about Robin Das, Executive Director, Market Growth Strategist, DataBee
Robin is responsible for defining DataBee’s unique value proposition in the market, long term strategy and product vision, and business development opportunities via outreach to strategic targets, partnerships, alliances, and other investments to continue to drive overall growth.
His prior experience at Comcast includes roles in Corporate Strategy, FP&A, and development of Customer Experience tools.
He lives in Philadelphia, with his wife Stephanie, nine-year old daughter Pearl, and two dogs, Emma & Eggy. Outside of work he likes to run slowly, cook adequately, and eat out frequently.
