A CISO’s guide to boosting security awareness and morale in turbulent times
Training tip 1: Preserve and nurture existing talent pool
During periods of business disruption, it’s important to motivate and nurture the security staff you already have. One way to do this is to ensure that these individuals can work as efficiently as possible and have clear guidelines from managers on their work priorities as they become more isolated and separated from normal day-to-day activities. Security managers shouldn’t be spending unnecessary time trawling reports to look for obvious mistakes. During busy periods they should use their time more efficiently by working with others to find and solve more important issues, and by identifying specific training needs for their teams.
Training your development teams in secure coding practices and all non-technical employees in basic security awareness is a major step organizations can take towards preserving their talent pool, who might be feeling demotivated and overworked during turbulent times as customers demand more output. Not only does this free up time for security engineers to focus on revenue-generating initiatives, it also grows your internal security skillset and builds a security-first culture from within, which can be extremely beneficial in protecting the business and employees from the surging number of coronavirus-related cyber attacks.
Training tip 2: Motivate and engage through gamification
It’s important for CISOs to consider how to keep their staff motivated while we’re all separated from each other and go days without interacting with the team. We’re seeing more CISOs rolling out gamified training like Adversary to encourage their staff to interact more and ‘have fun’ in a business context.
Gamification appeals to the competitive nature of developers: they can compete against each other on secure code training via an online portal, or do the training at their own pace to suit their individual roles and business needs. Developers can learn how to avoid creating software vulnerabilities from real-life hacking scenarios and apply that knowledge to their everyday workflow whilst working at home.
This also helps senior team members, who have more time to focus on business-critical work. It’s also important for CISOs to consider what happens to staff when the market goes back to normal: will they be motivated to look elsewhere if they haven’t been offered the right level of support during these challenging times? Training is a good method to boost morale.
Training tip 3: Foster security awareness for the long run
For too many companies, regular security training remains an afterthought. However, if you can create some level of normality within your teams through online training during challenging business times, you will reap the operational benefits later, as staff are more engaged and feel more motivated.
As we all change to new ways of working, and interacting with colleagues moves online rather than face to face, online training like Adversary is a great way to bring teams together through interactive online learning courses. It is easy for CISOs to implement, with a management dashboard to monitor performance and prove ROI.
Training is often not prioritized during busy periods and it’s increasingly difficult for CISOs to fight for the budget. However, as organizations face up to the reality of the coronavirus pandemic and we batten down the hatches to help prevent a data breach, training shouldn’t be ignored with an “out of sight, out of mind” approach.
The biggest mistake an organization can make is not starting security training earlier and building awareness into their IT or Development process. Taking a proactive approach and introducing training earlier will have a positive impact on your business in the long term and have a positive effect on staff retention rates as we come out of this crisis.
Future-proof your talent pipeline with security training
With the current security talent pool as it stands, it’s simply irresponsible to wait for more skilled security professionals to appear, just as it’s dangerous to wait until you are hacked to implement preventive security measures. Security is now a priority and a competitive differentiator for gaining customer trust and repeat business.
Growing your own security talent takes time and, of course, corporate cybersecurity is an immediate issue. The most effective way for the C-suite to address this growing problem is to start investing in its people today so that the organization isn’t left vulnerable in the future.
Adversary builds an online, hands-on secure coding training platform for development teams. Trainees take on the role of the hacker as they complete training missions, earn points, and advance to harder missions. This approach to learning helps companies minimize the risk of an attack by teaching software developers why vulnerabilities such as the OWASP Top 10 arise and how to prevent them from occurring in the first place.