As we approach the end of National Cyber Security Awareness Month, it’s time to focus on ways to improve your current staff and resources. In light of our country’s current security skills shortage (more than 50 percent of 600+ companies surveyed indicated that it takes roughly three to six months to fill cyber security positions, and even then, available staff may not have the necessary skills to detect and respond to complex incidents[1]), organizations must explore ways to optimize IT and security team functions. Too often a lack of coordination between teams leads to increased inefficiency and wasted effort.

 

If you don’t have an efficient, streamlined patch management program in place, for example, work done in vulnerability assessment (VA) could result in a pile of unread spreadsheets. VA programs are expensive to set up and manage, and usually involve a monthly cost. This means that any month the data isn’t used will wind up being a waste of time, money, and resources. If your IT team is not ready to manage VA, consider having your security team work with them to set up good patch management tools and practices.

 

Sometimes different functional teams want to access data from the same sources. In other cases, data from devices being managed by different teams may not reach its desired destination. Both instances call for monitoring. Take, for example, switches and routers vs. ingress/egress devices on the network. Traditionally, ingress/egress (firewalls) are configured and managed by the security team, and internal switches and routers are managed by the networking team. However, each team would benefit from sharing information. Perhaps there should be internal firewalling between organizational teams: finance and human resources, sales and marketing, engineering and product management. If these internal firewalls are being implemented with access control lists on internal systems, does the networking team configure and manage these devices, or does security? 

 

Another area of best practices sharing could come from change management. In many organizations, change management is either overlooked, or not practiced consistently across teams. Look inside your organization and see which team has more maturity in process, tools, and efficiency for change management. This might be the applications team, the IT team, the networking team, the security team, or maybe even DevOps. Setting up best practices leads across functional groups encourages communication, creates a culture of cooperation rather than antagonism, and helps mitigate staff shortages.

 

A 2012 Chicago School survey of job satisfaction[2] indicates that an important component of job satisfaction comes from being recognized for using inherent skills and abilities. In cross-functional teams, employees are encouraged to share their skills and abilities with a broader audience, which leads to improved processes and greater job satisfaction. 

 

As Henry Ford stated, “Coming together is a beginning. Keeping together is progress. Working together is success.”



[1] http://thehill.com/blogs/congress-blog/technology/239113-cybersecurity-talent-worse-than-a-skills-shortage-its-a

[2] http://psychology.thechicagoschool.edu/resource/industrial-organizational/determinants-of-job-satisfaction-in-the-workplace