A common question I often receive from organizational leaders is how to assemble the right team that can ensure their enterprise is positioned to effectively combat the escalating presence of cyberattacks. There isn’t a simple and straightforward answer, but a good analogy can be found in the world of sports.
Think back to 1992, when the USA “Dream Team”, critically acclaimed as the greatest basketball team of all-time, secured the gold medal at the Summer Olympic Games in Barcelona. The Dream Team didn’t just bring home the gold, though. It left a permanent impact on the blueprint of how basketball is played, with ripple effects still visible across the game today.
That team was stacked. Like, Hall-of-Fame stacked – defeating opponents by an average of 44 points per game. From Michael Jordan and Scottie Pippen to Magic Johnson, Larry Bird and Charles Barkley, it possessed every quintessential skillset one could envision in a collection of players. The star-studded squad was comprised of elite scorers, unselfish passers, staunch defenders, physical rebounders, and versatile glue-guys. It had confidence. It had composure. It had grit. And the list goes on.
However, the Dream Team was also a group of alpha mentalities and flashy personalities who were all big fish in their respective ponds. Combining those types of players in that era often caused rifts off the court that impacted performance on it – after all, only one lion can lead the entire pride. But in this case, each individual player decided to put pride aside and accept their role for the betterment of the team. Unity was what fueled their success.
The same lesson can be applied to cybersecurity. To assemble a Dream Team of cyber professionals who can protect enterprises from modern threats, organizational leaders must prioritize the right balance of collaborative minds, complementary specializations, diverse perspectives and – most importantly – a consistent willingness to work in unison. For a cyber dream team, the following three focus points should be at the forefront of organizational hiring decisions.
Avoid the expert’s dilemma
The expert’s dilemma is a mindset found too often among IT professionals in the market today. It’s rooted in hubris, which leads to an inability to understand the importance of constructive collaboration when addressing critical challenges and forgetting that past experiences should inform future decisions rather than dictate them. In the worst cases, the expert’s dilemma manifests itself as a “my way or the highway” viewpoint failing to recognize that one’s own ideas may not represent the best course of action to solve a problem.
Instead of understanding the uniqueness of each situation, taking into consideration differing perspectives of colleagues and fostering a culture of cohesiveness, they operate with blinders on with an inherent refusal to listen. With the expert’s dilemma, even the most distinguished cyber professional with an extensive background and Ivy League education won’t enhance the productivity of the entire team.
The realities of today’s most pressing cybersecurity problems – unstructured data loss, ransomware, insider threats, nation-state actors and supply chain attacks – are too complex to solve in siloes. Like the Dream Team, each member of the organization needs to adopt a unified approach to identify simplified solutions for complex challenges. I’d rather have a dozen individuals with standard competencies but an unwavering willingness to collaborate that a team of the “best of the best” who are so focused on being the best that they can’t see the true value of the team.
Blend complementary expertise and perspectives
Another fundamental component to a cyber Dream Team is the right mix of complementary specializations and perspectives. Michael Jordan is arguably the best basketball player to ever walk the earth, but the real reason he won seven NBA titles with the Bulls was because the skills of his teammates complemented his own finest attributes. When all five players on the court meshed, it created an unstoppable force on both ends of the floor.
Similar to the five positions of a basketball lineup, there are five complementary pillars of CISA’s Zero Trust Maturity Model: identity security, device security, data security, network/environment security and application workload security. When those are leveraged in synchrony, they can create an effective cyber defense strategy.
A cyber Dream Team should field experts from all five pillars. For example, a network security expert believes that fortifying the perimeter with strong external protections that prohibit threat actors from infiltrating the network should be a focal point of defense. But the data expert’s viewpoint is that regardless of the defenses in place, threat actors have the capability to evade them, so the main concern should be monitoring, observing, understanding, and responding to the actor’s actions amidst the breach. When combined, their perspectives create a line of defense for both inside and outside of the perimeter, as opposed to just the former or the latter. Merging these differences of opinion on a greater scale is what develops the versatility to combat any threat.
Hire coaches with (cyber)experience
Rounding out the cyber dream team are the coaches; the CIOs, CTOs and CISOs in charge of positioning their IT team with the right people, strategies, and resources to thrive. It’s also their job to make hiring decisions that alleviate gaps or weak points holding the team back. In turn, effective coaching – meaning creating and executing the organization’s cyber defense strategy – requires extensive experience and a deep understanding of the threat landscape. All too often, business-oriented professionals without hands-on cyber experience serve in CISO roles and lack the knowledge to make critical hiring decisions.
This leads to a heavy reliance on one or more technical experts in the group, which could skew the organization and affect its cohesion. Just like former Bulls and Lakers coach Phil Jackson, who before his legendary coaching career won two championships over 12 seasons as a player, an optimal coach is one who has walked a mile in the shoes of his team. Extensive tactical cyber experience at the leadership level not only generates a better assessment of talent, but also a greater comprehension of the problems being solved.
It’s about the team, not the dream
The best way for enterprises to defend themselves from the escalating prevalence of cyberattacks is by channeling the USA Dream Team with a group of individuals with positive attitudes and diverse skill sets who collaborate, complement, and empower one another.
The effectiveness of a cyber team is less about each individual member, and more about their impact as a collective unit. By adopting this strength in numbers approach, organizations will be better positioned to create their own lasting legacies and overcome the cybersecurity challenges of 2022 and beyond.