Defense in Depth

Feb 27, 2020

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-toxic-security-teams/)

There's an endless number of variables that contribute to creating a toxic security teams. How does it happen, and what are ways to manage and eradicate the toxicity?

Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Jinan Budge (@jinan_forrester), principal analyst serving security & risk professionals at Forrester.

On this episode of Defense in Depth, you’ll learn:

• Toxic security teams happen because of tribalism, not just within security, but across all departments.
• Security is seen as an expense and an IT problem and many don't think it's everyone's issue.
• One core issue is the lack of security culture and management simply not supporting the InfoSec team's efforts.
• There are many ways a security team's culture can become toxic. The issues are so numerous that it seems more of a challenge to prevent a team from its natural tendency to go sideways.
• The hero mentality of one individual, who thinks only he/she can solve the problem, can poison an entire group.
• It can be argued that it's an issue of ego, but many see it as insecurity. Often the individual needs to prove to themselves and others in order to maintain their cybersecurity rockstar status.
• A toxic security team will have a very hard time hiring new staff. People will leave and tell others you don't want to work there.
• If you have a diverse team and there's toxicity, the team won't last.
• There's an enormous cost to disengaged employees.