As security practitioners, we often forget the human side of
cyber.
Someone clicked on a link, entered valid credentials, or put
some hardware online without following security standards. Perhaps even a security team member that made a bad decision or missed a key detail.
They’ve made a mistake that put the company at risk or,
worse yet, created a security incident leading to a breach.
Some cyber professionals react in an empathetic way. Others
are incredulous.
Meanwhile, the employee can often be close to tears fully
knowing that they made a mistake.
So, while we as cyber practitioners talk about the
importance of “people, processes, and technology”, we pretty much only focus on
the technology and maybe sometimes talk about the process.
But it’s the people that need our help most. And our
empathy.
Nothing can change the past. Let them know that they simply
made a mistake. And how to proceed in the future. Bring them back into the fold,
back to the family, back to “people.”
Do this in an empathetic way, and they’ll likely remember this lesson better
than any cyber security training video.
Even the nastiest incident represents an opportunity to
connect with people, and have them push the cyber program forward.
One person becomes the building block for people.
Make the most of each one.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment