In this chapter, we’ve described how information security teams need to work with their customers and stakeholders to establish a risk management framework based on the company’s defined risk profile by implementing the strategic risk concepts of risktascity. Furthermore, we have discussed that although managing risk is a critical element of all cybersecurity programs, there are other factors that are equally essential to increasing maturity. These factors include building and sustaining the right relationships, both inside and outside of the company; establishing a culture of cybersecurity—a mental model of safety for all members of the company, not just the information security team; focusing on performance measures that both demonstrate the contribution the information security team makes to achieving strategic business outcomes and ensure that the information security team is invested in personal growth and wellbeing; and the role of the CISO in cementing the tone from the top related to customer intimacy, empathy, respect, engagement, inclusion, development, and continuous improvement. An information security team will be constrained in its effectiveness if it focuses only on securing the enterprise at the expense of important business outcomes and experiences. In this context, developing emotional intelligence and empathy in our cyber warriors will exponentially improve cohesion and continuity and significantly reduce derision, distrust, disdain, and cultural declination.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
J.R. Williamson is the Senior Vice President and Chief Information Security Officer for Leidos. Previously, he held positions at Northrop Grumman, serving as the Corporate CIO, Deputy Chief Information Security Officer, Chief Engineer, Chief Technologist, Director of the Enterprise OneNGC Program Office, and Executive Director of IT Infrastructure and Enterprise Services Operations. Prior to Northrop Grumman, Mr. Williamson served a 4-year stint as a civilian working for Headquarters, United States Marine Corps in the Special Services unit. Mr. Williamson holds a bachelor’s degree in decision sciences and information management from George Mason University and a master’s in information systems from Virginia Tech.