As security practitioners, we often forget the human side of cyber.
Someone clicked on a link, entered valid credentials, or put some hardware online without following security standards. Perhaps even a security team member that made a bad decision or missed a key detail.
They’ve made a mistake that put the company at risk or, worse yet, created a security incident leading to a breach.
Some cyber professionals react in an empathetic way. Others are incredulous.
Meanwhile, the employee can often be close to tears fully knowing that they made a mistake.
So, while we as cyber practitioners talk about the importance of “people, processes, and technology”, we pretty much only focus on the technology and maybe sometimes talk about the process.
But it’s the people that need our help most. And our empathy.
Nothing can change the past. Let them know that they simply made a mistake. And how to proceed in the future. Bring them back into the fold, back to the family, back to “people.”
Do this in an empathetic way, and they’ll likely remember this lesson better than any cyber security training video.
Even the nastiest incident represents an opportunity to connect with people, and have them push the cyber program forward.
One person becomes the building block for people.
Make the most of each one.
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.