Cyber security programs have a strong dependency on other
teams for execution to meet the cyber goals of the organization. Other teams
also have dependencies on the cyber security team. A common response to
requests from either side is “we are too busy.”
On the surface, the answer is clear that they can’t help
because the measure of the current level of activity on the team exceeds their
bandwidth for additional considerations.
But, there has become a certain power in the response of
always being too busy.
So, in the absence of clearly defined priorities or a
specific timelframe of high priority work, what other things might a team (even
the cyber team) actually be saying?
“We don’t want to arbitrarily
say no, but, no”
“We don’t know how to
do what you want”
“We don’t know how to
prioritize”
“Our value is defined
by our level of busy”
The last one is likely the most interesting because constant
busy activity leads to constant firefighting which presents many opportunities
for heroic actions. Strange, but all too
commonly true.
So, when a team says no, whether a partner team or your own,
it’s important as a cyber leader to engage and understand the clarity and
communication of priorities, training, resourcing, and capabilities.
Lastly, a quick gut check may be in order to see if the team
is finding too much value in their level of activity. So much value that they aren't doing the things they need to do to continually improve.
Being busy as a team is only valuable to a point.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment