What’s the goal of our cybersecurity program? How much security do I need? Have I done everything necessary to protect my business?
I’ve been asked, and have asked myself, these questions countless times through my career in technology products and services. As an IT leader, I’m sure that you grapple with these same questions. Perhaps even more, though, I’m sure you’ve struggled with the deeper questions of rallying and motivating your organization: questions of meaning.
In my experience, there are three core things necessary for IT leaders to create a persistent, sustainable, and exceptional security program for their organization. These three things aren’t tangible or tactical solutions, but rather basic human needs that motivate teams beyond anything that a tool can provide. These three needs are: a sense of purpose, a sense of autonomy, and a sense of mastery.
In this blog, I will look at the importance of these three concepts to IT leadership, and how they impact and are impacted by cybersecurity. We will also examine how collaborative MDR services such as those offered by ActZero — far from diminishing these attributes — foster their development.
Plans Flounder without Purpose
Perhaps it goes without saying: you need to clearly articulate the problem before you can solve it. A sense of purpose is fundamentally important to IT leaders, whether looking at cybersecurity, application development or service delivery or any need. Sure, we are master problem solvers and are typically able to solve even the most poorly or ill-defined problems when we understand the goal. But how can we solve the hard-to-tackle issues without understanding and defining what we are trying to achieve? Worse yet, how do we fix problems when the measures of success are constantly changing or frequently misunderstood?
Practically, though, maintaining purpose is no easy task. IT leaders face an onslaught of daily issues that pull their teams away to act as firefighters on spontaneous ad-hoc problems, stealing them away from the big picture. Lack of focus and schedule fragmentation are the enemies of purpose, but purpose is also the antidote! With a strong sense of purpose, priorities become clearer and alignment is easier to achieve. The path may still be challenging, but the destination will be clear. Anything else is noise.
Autonomy is Essential to Reaching Goals
You understand your purpose better than anyone and you need autonomy to act on your instincts and skill. Autonomy therefore is key to achieving one’s purpose. Part of excellence at solving outside-the-box problems is through testing, evaluating, and discovering the best solution. How can you reach the best solution without the unfettered ability to chase multiple avenues in pursuit of purpose?
On a philosophical level, often the problems we as leaders solve have never — or have rarely — been seen before, and those problems are unique to our organization’s DNA. Solving them often requires deep contextual understanding of the problem and the ability to freely shape (and reshape) our infrastructure , environment, and circumstances trusting in this understanding.
Mastery comes from Continuous Improvement
At its heart, mastery is about two things: growth through continuous improvement, and the ability to reach increasingly challenging goals while executing on your vision. Purpose helps clearly define your goals and KPIs and autonomy provides freedom to problem solve, mastery is the measure of the skill gained through achievements along the way.
At ActZero, Continuous Improvement to achieve mastery is one of our four core values. Our values are at the heart of everything we do: from talent acquisition, to employee growth, to customer service, to product management. Mastery is a journey, not a state. We deepen our skills and capabilities every day and we celebrate achievements along the way.
Applying Purpose, Autonomy, Mastery to Cybersecurity
While the three core needs of purpose, autonomy and mastery are vital for all IT activities, IT leaders will find additional challenges when applying the needs to cybersecurity.
At our best, IT’s purpose lies in creating an environment that drives business value through the use of technology. The purpose of an effective cybersecurity program however is to mitigate cyber risk thereby protecting the business and its technology from compromise.
Autonomy too must be handled differently when applied to cybersecurity. Freedom must be carefully balanced with access management; transparency must balance with trust. Autonomy can only exist if those playing security roles — such as remediation, training users, hunting threats, identifying vulnerabilities, etc. — are clearly defined and understood.
The staffing issues faced around keeping to one’s purpose and maintaining autonomy are exacerbated by the shortage of highly-skilled security talent. With cyberattacks steadily rising in frequency and intensity every year, competition for such talent has become extreme. Estimates of the global shortage for this year were pegged at 3.5 million unfilled cybersecurity jobs — a 350 percent increase in open cybersecurity positions since 2013.
This significant talent shortage makes achieving mastery in the cybersecurity discipline organization-wide troublesome to say the least.
Collaboration to Achieve Meaning
ActZero helps you to satisfy the three core needs we’ve been discussing through collaborative partnership. Here’s how:
- Purpose: From the beginning of our relationship with you, we work to understand your unique cybersecurity goals and couple them with our expertise to clarify your purpose. Then, through our thorough reporting dashboards, our purpose and goals, as they relate to cybersecurity, become clarified and the progress towards them is easily shared.
- Autonomy: As noted, autonomy is only appropriate in cybersecurity with clearly defined roles. By providing a clear separation between those identifying vulnerability and threat hunting — namely us — and those remediating, configuring systems and training users, ActZero enables autonomy. You get transparency into work done by ActZero and context into how this work helps you achieve your purpose.
- Mastery: While ActZero continues to continuously improve our service in pursuit of mastery, you too can work toward mastery by leveraging our vCISO consulting practice to provide thought leadership, compliance advice, and cybersecurity best practices. Likewise, our portal provides materials to allow you to achieve mastery in a more self-directed way.
More than any IT discipline, too often in cybersecurity is purpose kept loose or ambiguously defined, with poor role descriptions affording limited autonomy, and little direction toward achieving mastery. Partnering with experts can help satisfy these necessary traits, and ActZero can show you how without losing any of your control and autonomy, but rather by enabling it.
To learn more about how we’ve applied the principles of Purpose, Autonomy and Mastery to our Customer Portal and Maturity Model, check out our recent fireside chat with Ronnie Duan, Senior Product Manager.