Heroics are a great indicator that something is broken in a cyber security program.
And, yet, some cyber programs thrive on them.
Regularly hailing and rewarding the heroes.
Heroes that learn over time that it’s better to fight the fires and receive the accolades than find and fix whatever is broken. Sometimes, building a personal brand as a hero.
Leaving an immature cyber program that stagnates as a result.
Take a different path.
Reward the hero(es) and then also reward those that ensure that the issue never happens again.
Remove the need for a cape.
Less heroics. More leadership.
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.