Anyone in any organization can become a security leader – you don’t have to have it in a job title.
Fundamentally, being a security leader is about changing people's perspective on what cybersecurity means. It's transforming from 'it's solely IT's problem', into it's an organizational risk that everyone is responsible for managing.
It starts with understanding the fundamental value of security to your organization and the important role everyone can play in proactively reducing risks, spotting and reporting risks in a timely manner and effectively responding to an attack as soon as possible. It evolves into encouraging these kinds of conversations across the organization.
By clearly communicating and engaging people in the cybersecurity effort, you start building a security mindset.
Based on research and our experience in bringing about cultural change with regards to cybersecurity, we've developed three key factors that must be well thought out and included in communications from a security leader.
1. External Validation
First of all, getting buy in from the rest of the employees requires research demonstrating the value coming from the shift in mindset. Whether it's calculating the return on investment, the new projects that will be able to be managed or the increase in productivity, all of those things mean money saved for the organization.
As a security leader, you understanding that this mindset is crucial for your organization, talk to the positive impacts of this new approach.
2. Provide Business Context
Highlight the importance of cybersecurity to your specific company. What would happen if you were offline for one hour or one week? The goal here is not to scare folks into agreeing, it's to open their eyes to the impact cyber attack could have on the organization.
Focus on the big picture, frame initial communications on broad concepts rather than detailed or technological specifics.
3. Bring it back to the individual
It's likely that most folks in your organization don't spend their time reading about the latest cybersecurity threats. They rely on you, as a security leader, to keep them informed on how these threats could impact their work.
Bring up specific examples of how doing their job, more securely can help protect the organization.
As a security leader, you fundamentally understand the value that a security mindset can bring to your organization. It's time to get out there and spread the word to the rest of the organization.
Contributed by Kathryn Chamberlain. Kathryn is a business development officer at Beauceron and a Venture for Canada fellow. Kathryn holds an honours Bachelor of Commerce with a minor in Mathematics from Mount Allison University. Her research interests include organizational behaviour and culture. She can be found on Twitter @_kachamberlain.