Chapter 12 - Developing Relationships with the Cybersecurity Team


In this chapter, we’ve described how information security teams need to work with their customers and stakeholders to establish a risk management framework based on the company’s defined risk profile by implementing the strategic risk concepts of risktascity. Furthermore, we have discussed that although managing risk is a critical element of all cybersecurity programs, there are other factors which are equally essential to increasing maturity. The other factors include building and sustaining the right relationships, both inside and outside of the company; establishing a culture of cybersecurity—a mental model of safety for all members of the company, not just the information security team; focusing on performance measures that both demonstrate the contribution that the information security team has to achieving strategic business outcomes as well as ensuring that the information security team is invested in personal growth and wellbeing; and the role of the CISO in cementing the tone from the top related to customer intimacy, empathy, respect, engagement, inclusion, development, and continuous improvement. An information security team will be constrained in its effectiveness if it focuses only on securing the enterprise at the expense of important business outcomes and experiences. In this context, developing emotional intelligence and empathy in our cyber warriors will exponentially improve cohesion and continuity and significantly reduce derision, distrust, distain, and cultural declination.

Key Ideas
  • Relationships are essential for all successful organizations and tend to flourish within a healthy culture where personnel wellness, morale, inclusion, and mutual respect exists. This is particularly true for the cybersecurity team.

  • There is no one right way to build relationships and culture; different organizations and different business processes require different strategies and assessment depending on inputs like size, industry, and value.

  • Organizations are in the cybersecurity fight together and should be establishing relationships with each other to generate cohesiveness and build a collective consciousness of new and emerging threats.

  • A cybersecurity professional with empathy and emotional intelligence will be far more efficient at building the necessary relationships inside and outside their organization then one without.

  • The Chief Information Security Officer (CISO) of an organization should have clear and consistent communication with the board in order to convey the health and maturity of the cybersecurity team in addition to operational performance and risk management.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity


| 703-907-7090


| 2500 Wilson Blvd, #245
Arlington, Virginia 22201


ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.