Failing isn't a dirty word

When it comes to your security awareness program, are you often fearful that your program might be falling short? Does it feel like you’re on the brink of failing? 

That might be a good thing.

During a morning keynote session from RSA Conference, Change Your Approach to Get it Right, the hosts, IBM Security execs, Mary O’Brien and Caleb Barlow, challenged the notion of striving for perfection and indicated we need to look to build a culture that knows that failing is a part of getting better. They believe it is the basic element of progress.

“We’re chasing the idea of perfect security, but I believe we’re not winning the war,” O’Brien, General Manager of IBM Security suggested. “What will it take? We need to create a mindset that this isn’t just about improving tech, but instead about process and people.” 

Is it time to change your awareness program playbook? O’Brien spoke about letting go of perfection. Humans don’t play by the book. Neither should awareness programs. Instead, awareness professionals should strive for agility. 

Change in security fundamentals is coming, and it is coming fast. O’Brien believes the infosec sector is about to be massively disrupted because the IT landscape has started to shift. She spoke at length explaining that to get ahead, people need to think about the guiding principles of being agile. Not just a new way of developing something, but instead responding to change, rather than following a rigid plan. 

As the leader of your security awareness program, it is your responsibility to empower your teams to come back up if they get knocked down and interpret it as motivation to get better.

But Caleb Barlow, IBM Security’s VP of X-Force Threat Intelligence asked, “Are you ready?”.

He iterated that as security professionals, you need to ask this question to yourself and your teams on a regular basis. “It is your duty to respond when called upon. It is your duty to act,” he said. It is important in your role to be able to make decisions faster than the adversary. Think on your feet and work smarter than the cybercriminal.

“If we look at major breaches over last decade,” he said, “lackluster response often causes more damage than the breach itself.”  As security professionals, he believes it is necessary to stay on your toes, keep agility in mind, and be ready to not only act, but also be decisive in your actions. “Not making decisions ismaking a decision. And that is often damaging,” Barlow warned. 

Preaching the importance of agility is motivating, of course. But how do you begin building an agile security culture? Barlow outlined the three important steps: 

  1. Define your communication intent. Be prepared to empower yourself and your teams to pivot and respond without compromising.
  2. Seek diverse voices. 
  3. Collaborate and demand open tools to better your program.

Are you ready to be the cyber first responder your organization needs? Ultimately, the endeavor toward being a successful security awareness professional in 2019 comes down to one simple action: Pivot


2019 EndUser Training Series

If you’re looking to build a stronger security awareness program and need the tools indicated in this keynote session, let us help.

We can strategize a successful training program for you and your end users.

Learn More