One tip for security managers to keep teams fulfilled | Guest Cicero Chimbanda

Okay, today, on Cyber Work Hacks, my guest is InfoSec skills author and teacher, cicero Chimbanda.

Now, cicero's skills path concerns building the soft skills needed to succeed in the role of cybersecurity manager. So for today's hack, cicero tells us his best tip for cybersecurity managers to keep their security teams fulfilled and connected. As we speak, many companies are entering their Q2 and Cicero has great advice for taking Q1 successes or not successes, and using the framework to reinforce the connection between the team and leadership and being a conduit that moves between each of them. There's some excellent advice for cybersecurity managers of today and for cybersecurity managers yet to come. So to keep it here for today's CyberWork Hack.

Hello and welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight in how to utilize InfoSec products and training to achieve your work and career goals. So for today's hack, my guest is my longtime friend and InfoSec instructor and collaborator, cicero Chimbanda. Now, cicero has been a guest on CyberWorks several times discussing his specialty, which is the soft skills needed to be an effective cybersecurity manager, so I'm hoping you can go back to our YouTube page or our podcast page and look up Cicero's past episodes, because they're all great. So today I'm going to be talking with Cicero about a series of hacks for security managers and the security managers who are yet to come. So today's hack is very straightforward, so I'm just going to get into it. So, first off, cicero, thank you for joining me today on CyberWorks Hacks.

Thank you, Chris.

That's great, yeah, great, to have you back. Absolutely so, cicero, this is going to be a different kind of hack today. It's answering a single question, but it's kind of an open-ended one. So I hope you'll indulge me. Cybersecurity managers have a lot of obligations to their company. They have to keep them secure, they have to keep the methods and tech they use relevant and up-to-date and in line with budgets and, importantly, security managers need to manage their security team. So, based on your teaching and personal experience, what is your one biggest tip for security managers that they can implement immediately that will keep their security team more fulfilled, cohesive and, in general, feeling like they're a vital part of the security team and the company?

Chris again, thank you again for having me. I think it's a great question, a key question, and I don't know when your audience will listen to this, but I will make it universal. I think, first of all, staying strategic. I think that's always key Not being lost in the weeds, but one thing that one can do right now we're ending, we've just ended Q1 and we're beginning Q2. And one of the ways to stay strategic in your role as a security manager is to always I like to call it the head and tails. You know, if you look at a coin, you got a heads and tails and it's a look in and look out. That's how I look at it. And so looking in, and Q1 just finished how I look at it. And so looking in and Q1 just finished.

I think one thing as a manager, you want to make sure you're tracking your people's strategic projects. So how did it go the first Q quarter? Okay. Now, if you're in a different quarter, you could do the same, depending on what quarter, and just making sure that your team they're not facing any roadblocks if there's projects associated, Giving constructive feedback to your team. And I think one other thing is revisiting the training for your year. Making sure that your team has looked into what are the training courses they're going to take, what conferences they're going to go into, conferences they're going to go into if they're going to do anything this year. So making sure that your team feels like, hey, you are behind their strategic initiatives. So that's a looking in within your team, but you also want to make it relevant to the business, as you asked, and that's to look out, and that's to look out. So Q1 is finished, Q2 is about to begin.

No-transcript embed myself into their meetings, bring a couple of my senior members with me and to communicate hey, here's what we're doing as a cybersecurity. These are big initiatives. This is how it's going. We're just finished Q1, giving them a sense of, hey, we are working on your behalf. But number two, asking the question and listening to the business units how is it going? How are we doing as a cybersecurity department or organization? Because we don't want to just be again the no department. We want to be the enablement and the secure. We want to make sure that they know we are aligning our projects to their business initiatives. So that's really a key component of what I would say one can do right now.

Yeah, I think that's a really great point, and especially, I think, because we don't really think about it all the time. But Q1 starts right after. You know what, for a lot of people, is kind of a holiday year reset, and you're you know the first quarter is spent. You're sort of working your way back up to it. So as you start Q2, it's important to see what was happening in this sort of odd times or whatever, and how you can be sort of this two-way conduit. You're making sure that you know your team's goals are being, you know, communicated to the leadership and leadership's goals are being communicated to the team. So I think that's a really great insight and a really great sort of focusing mechanism for you at this point in your journey. So, if any, are there any challenges in implementing a change like this? What do you think are the challenges in getting this started?

Great, great, again, great topic. So I think the first one is there's going to be negative dynamics. You know, whenever you're asking to, you know, unravel or lift up the leafs, you're going to find something, and so negative dynamics are going to come up in your teams. There's going to be some conflict resolution. You're going to have to play that mediator in your team. So you want to get rid of all those obstacles at the beginning. Don't wait till they surface and they become a problem. So if you ask the questions, how's it going, how are things going with the teams, if there's smaller groups or project teams that are working for the first time, just asking those questions, so those dynamics will come up. Just be ready to address them. The other one is one thing that I love.

People can get lost under specific rules as they're hitting in the ground. You know some people might overreach, they might get off of their lane, they might not be in their lane. So it's a good time to reaffirm people's roles and responsibilities. Hey, remember, yes, you're doing this, you're getting caught up on the day-to-day mundane, but remember your role is you're an administrator for this appliance. Your role is for training the users, for user awareness. Your role is. So reaffirming people's roles and responsibility can help them stay in their lane. So reaffirming people's roles and responsibility can help them stay in their lane. And then, lastly, I would just say people sometimes may be timid, may not be, may be insecure. So empowering your employees, reaffirming that you are behind them, and so those are the things that I would say. These are some obstacles that might surface as you are unraveling these questions.

Those are great things to watch out for. Is there a first step that you could take to make this process get underway today, after you're watching this podcast?

Schedule the meetings Calendar.

If you got calendary, like my good friend Chris has, you know, start putting out in your calendar when you want and you know when you want to meet with your team individually, collectively, and when you want to get on the calendars of the business units. Business units are busy, they have speakers. So I actually just did that two weeks ago and I got myself an agenda of my strategic business units. They got me lined up, they gave me the topic I'm bringing in. So just get in the calendar of your business units. They got me lined up, they gave me the topic I'm bringing in. So just get in the calendar of your business units and get your employees in your calendar.

Yeah, that's a great prompt, obviously. So you have a hard date in your calendar. It's time to make action there. So, as I said at the top of the episode, cicero has a learning path on InfoSec skills pertaining to security manager soft skills. So, cicero, what will Inf?

Yeah, I'll start off with the strategic. We're talking about being strategic, so, as soft skills, we use the model which is STS, which stands for strategic security. So we want to make sure we're staying relevant with the business units and an industry focus, whatever industry health care, financial, government or even non-for-profit if you're a non-for-profit, so stay strategic. The other thing you'll learn is the T, which stands for trust. Trust is to understand the rules of the road, the course. I just finished running a half a marathon over the weekend. I like to run and thank you, and it was a course that I've run before, but they changed the course, so I needed to make sure I looked at the course before I ran. I didn't, you know, and it's the same thing in our industry, rules change. You know, the government regulatory, so we need to stay of what the rules are. And then, lastly, the S is stability the rules are. And then, lastly, the S is stability. You'll learn how to make sure your cybersecurity is aligned, to make sure your company stays stable.

Love it All right, that's a great summary there. So, Sushant and Banda, thank you for providing our listeners with your management and leadership insight. This is great to talk to you again. Thank you, Chris, and thank you all for watching this episode. Now, if you enjoyed this video and felt it helped you, I hope you'll share it with your colleagues and on your forums and your social media accounts, and please like, subscribe.

If you have a place to review, please review our show on your podcast feed or your YouTube page. Just type in Cyber Work InfoSec into any of them and we'll pop up like magic. We're actually surprisingly easy to find, despite the very universal keywords, but there's plenty more to come for learners of all levels. So if you have any topics that you want us to cover, just drop them in the comments below. But until then, I will see you next time. And for Cicero Chimbanda and I, happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12th most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence. I'll see you there.