The funny thing about cybersecurity is that from an outside perspective, your systems shouldn’t be in the spotlight. It’s counterintuitive. If you’re good at something, it’s usually publicized, right? But in the cybersecurity world it’s the opposite: if you’re good at it; it flies under the radar; if you’re not, word gets out. And when word gets out, it’s usually because of some kind of breach and your users will demand to know the status of their affected data as well as what went wrong. To direct an effective cybersecurity team means to keep your work relatively under wraps. But how do you do that? Leaderships is about more than just public relations. It’s about setting a positive example, recognizing your team’s strengths and areas for improvement, establishing realistic deadlines, identifying the latest technology, developing an educative system to share lessons learned, and determining strategy to implement it for your organization.
The following areas are where effective cybersecurity directorship is most needed:
COMPLIANCE AUDITS
Your risk management assessments will help you determine which security standards should be introduced and enforced. Conducting regular audits will show where your team is working in compliance with these standards, and where they need to pick up the slack. Regular audits will also ensure that your team is using best practices and procedures, while helping to inform your risk management and business continuity plans. Failing compliance audits can be costly in more than one way; it’ll cost you in the long run, but also, you and your team, if not the entire organization, will suffer in terms of reputation. If conducting regular audits is unpopular with company executives, this is an opportunity for you to show your team true leadership.
RISK MANAGEMENT AND ASSESSMENT
As director of a cybersecurity team, you will need to establish the overall goals and security framework for your organization. You’ll need to collaborate with your team on how to define your system and identify your organization’s digital assets. Then you can conduct a vulnerability assessment to identify areas where threats are most plausible. This will give you and your team a sense of the current security landscape and provide you with information to recommend new, or revisions to existing, measures.
When consumer credit bureau Equifax was breached in 2017 exposing the personal information of over 140 million people, a major risk management failure occurred. Equifax was notified by the Department of Homeland Security about a critical vulnerability. Not only did cybersecurity executives fail to communicate the problem and contact their team members to patch the application, the software they employed failed to detect where exactly the patch was needed.
THIRD-PARTY SUPERVISION
If you’re doing work with a third-party contractor, the risk of a cybersecurity threat increases. With more players handling more information, there’s more room for error. You and your team should implement some simple, yet effective, processes so your organization’s and users’ data are safe from any third-party mishaps. For example, a single sign-on (SSO) solution would help alleviate some of the pressure from your team so they can focus on other pressing matters. SSOs aggregate and organize log-in information, and provide you with the ability to monitor access, manage authentication credentials, and enforce security policy.
The day may come that your third-party partner no longer needs access to your systems. Via SSO, you can easily revoke their access. This capability is important so that you don’t need to deviate your team’s responsibilities when they’re working on a project. It also ensures that the third-party can’t gain entry to your security for malicious purposes once a contract is up. In 2016, a subcontractor employed by the Pentagon revealed the personal information of names, locations, Social Security Numbers, salaries, and assigned units for scores of psychologists and healthcare professionals, deployed within the US Military’s Special Operations Command. The breach was due to the subcontractor’s insecure servers, showing just how uncertain third-party work can be.
To effectively direct a cybersecurity team means to exude confidence and leadership, and to possess a comprehensive technical knowledge that benefits your organization, your team, and you. If you have your team run regular checks, comply with industry-wide standards, and implement cutting edge technology, you’ll show them that you know how to steer the ship and how to best use their individual talents collectively.
Tulane University’s online Master of Professional Studies in Cybersecurity Management will teach you the critical nature of cybersecurity issues and how to oversee a highly dynamic team. Find out how you can get your application started today.
