As we know
today, CISOs all across America (and for that matter, the entire world) and their
respective IT Security teams are always fighting ongoing battle trying to keep
up with the latest threat variants. Given
all of this, there is a tremendous amount of fatigue that takes place over
time.
One of the
best examples of this is that of “Alert Fatigue”. This is the where the IT Security team gets
so flooded with alerts and warnings that they tend to overlook the real ones.
But can you
believe that despite all of this, there is yet another phenomenon that is
called “Boredom”? Well, it is a
reality. You may be asking right now,
what causes this, if they are so busy trying to put out fires? Here are some of them:
1)
Technical
Debt:
This
happens when the IT Security team simply gets so overloaded with stuff that
they simply push aside the smaller, easier tasks that need to get done, and over
time, it becomes a monumental headache for them to handle. A good example of this is the deployment of
software patches and upgrades. Despite its level of importance, this is an often
an overlooked task. But when it comes
time to deploy them, there is a lot of work to be done which can take days to
accomplish with a lot of downtime involved.
2)
No
Innovation:
If
the CISO does not let his or her IT Security team the opportunity to find a new
way to solve a problem, or to use the proverbial saying, “thinking outside of the
box”, boredom will set in. In fact, it
will lead to complete burnout by having to follow the same procedures over and
over again. Also, there is a good
likelihood that your employees could just easily quit if they feel that their
ideas are not being heard.
3)
No
Education:
There
are some employees in the workplace that are merely happy with just punching the
clock, but then there are those who want to learn and grow. In fact, you, the CISO should take a
proactive role in encouraging the latter.
Probably one of the bests ways is to encourage the members of your IT
Security team to pursue the relevant Cyber certifications that are relevant to their
job titles. Of course, to dangle a carrot in front of them, you should also
offer to pay for the training and the exams, within reason of course.
So, now how do
you, the CISO, actually alleviate this problem?
Here are some tips:
1)
Give
Space:
In
the Cyber world, there is no such thing as a free moment. But, in order to alleviate boredom, try to
encourage the members of your IT Security team try out their new ideas as they get time. Of course, this should be done in a test
environment, not the production one. Perhaps
even consider holding contests and awarding a cash prize to the most innovative
solution. You should try to do this at least
once a quarter.
2)
Use
Automation:
Many
companies are now adopting the usage of Generative AI in order to help automate
some their more redundant processes.
This is especially true also in the Cyber world, when it comes to Penetration
Testing and Threat Hunting. While one of
the benefits of this is that more attention can be paid to your customers, one
of the others is also that it will give the members of your IT Security team that
extra time to further experiment with their ideas and possible solutions.
3)
Give
Ownership:
In
this instance, rather than giving all of the duties to your IT Security team,
break them up for each and every member.
In other words, you are giving each individual a sense of “ownership”. For example, assign the tasks of
investigating and deploying software patches and upgrades to a couple of
them. Try to set forth KPIs on this, and
reward them if they are met or exceeded.
This is yet another great way to build up the level of motivation amongst
them.
4)
Provide
Training:
You,
the CISO have the ultimate responsibility to keep your IT Security trained in
the latest happenings of the Cyber Threat Landscape. This is best done by having training sessions
at least once a month, if not more. Try
to keep these training sessions interesting and competitive, by using the concepts
of Gamification.
My
Thoughts On This:
If you don’t
keep your IT Security team engaged, and not bored, one of the worst consequences
of this that simply won’t care about doing their jobs at all. This cannot happen in the Cyber world, where
there is so much at stake. Remember,
that in the end, it all takes a show of appreciation. Give your members a pat on the back, and try
to reward them as much as possible, even by simply taking them out to lunch or
dinner.
And remember,
as it was mentioned before, offering avenues for further education is probably
one of the greatest benefits that you can offer. Humans always have a sense of wanting to
learn more, so take advantage of that for the sheer benefit and protection of
your company!!!
No comments:
Post a Comment