You’re in Information Security. How do you build relationships with people outside your department?

As a CISO, my approach during meetings with business or IT stakeholders is to actively listen to their main interests and concerns. I begin by asking clarification questions, allowing them to elaborate on their thoughts. Often, security discussions don’t arise until the mid-point of the meeting. I tailor my questions to the current context, ensuring relevance. My focus lies on the “why” and “what’s in it for them” aspects. I wrap up with key takeaways and follow-up action items. Timely commitment fulfillment is crucial for maintaining trust and collaboration.

Information Security is never an isolated requirement, and would not exist without proper integration with the business. No matter what business you are in, security has to compliment the needs of the business. Starting from that point makes building relationships with people out of the department easier. Discuss how security can enhance the business rather than impact it negatively. Try to understand what your colleagues do, and then come up with innovative ideas to make the process more secure without impacting their job. Sometimes, the solutions can actually improve their output, making it a win-win situation. Finally, try moving away from technical discussions, and focusing on translating any idea into business terms.

Find common ground by identifying common goals you share with colleagues in other departments. For instance, Data Privacy Office wants to prevent a data breach that could damage the company's reputation. Another thing is to learn the challenges and priorities faced by other departments. This empathy can help foster a more collaborative environment and tailor security recommendations to their specific needs. At the end of the day, Information Security's role is not to hinder the business with myriads of security controls but to enable them with their needs.

Spend more time listening than talking. In doing so, you're better positioned to bring aligned security solutions that allow for secure and enabling business outcomes.

Avoid industry jargon and focus on what matters to your stakeholders. For example, instead of focusing on lateral movement, rather discuss the impact of financial fraud and business email compromise on the organisation, and how cybersecurity can assist in that regard. Always keep in mind that cybersecurity is a business enabler.

As an information security professional, 00100000 01101001 01110100 00100000 01101101 01100001 01111001 00100000 01110011 01100101 01100101 01101101 00100000 01101100 01101001 01101011 01100101 00100000 01111001 01101111 01110101 00100111 01110010 01100101 00100000 01110011 01110000 01100101 01100001 01101011 01101001 01101110 01100111 00100000 01100001 01101110 01101111 01110100 01101000 01100101 01110010 00100000 01101100 01100001 01101110 01100111 01110101 01100001 01100111 01100101 00101110 00100000 01010100 01101000 01100101 01111001 00100111 01101100 01101100 00100000 01100110 01101001 01100111 01110101 01110010 01100101 00100000 01101001 01110100 00100000 01101111 01110101 01110100 00100001

This!!! ?? As an information security professional, 00100000 01101001 01110100 00100000 01101101 01100001 01111001 00100000 01110011 01100101 01100101 01101101 00100000 01101100 01101001 01101011 01100101 00100000 01111001 01101111 01110101 00100111 01110010 01100101 00100000 01110011 01110000 01100101 01100001 01101011 01101001 01101110 01100111 00100000 01100001 01101110 01101111 01110100 01101000 01100101 01110010 00100000 01101100 01100001 01101110 01100111 01110101 01100001 01100111 01100101 00101110 00100000 01010100 01101000 01100101 01111001 00100111 01101100 01101100 00100000 01100110 01101001 01100111 01110101 01110010 01100101 00100000 01101001 01110100 00100000 01101111 01110101 01110100 00100001.

Para garantir boas rela??es, se interesse de verdade em conhecer e ouvir o seu colega (entendendo suas dores, anseios, necessidades e buscando por solu??es conjuntas), saiba “dividir o queijo”, busque por rela??es fidedignas, honestas e de longo prazo. Assim, muito provavelmente, conseguirá construir boas parcerias com colegas de outras áreas, como Riscos, TI, P&PD, Jurídico, Governan?a de Dados, dentre outras.

Regularly communicate with colleagues in other departments to understand their needs, concerns, and priorities .Offer security training sessions tailored to different departments' needs to increase awareness and knowledge about security best practices. Provide timely and constructive feedback on security-related issues or incidents to help other departments improve their security posture, and offer support when needed.Tailor security solutions and policies to fit the specific needs and workflows of different departments, rather than imposing one-size-fits-all approaches.

Using shared language can assist in communication- the universal language of risk is a great option. From finance to HR and IT, risk is something everyone can apply directly to their own situation. Build bridges of understanding and foster the maturity of the discussion over time.

For cybersecurity efforts to be truly effective, it's essential to not just implement policies and procedures but to also ensure everyone within the organization understands the 'why' behind these measures. This involves clearly communicating the vision and rationale for cybersecurity initiatives in a way that resonates with individuals across different departments. By educating and empowering your colleagues, you help them grasp the importance of security practices, not as mere mandates but as critical components of the organization's overall health and success. ALSO, MAKE IT FUN! Security needs to be approachable!

Mi propósito es convertir a cada uno de los usuarios en un agente capacitado en seguridad y proporcionar las herramientas y conocimientos

Information security is domain but protecting data in an organizations is each and every employees responsiblity Understand They roles and expectations of each department., should clearly define roles in it, such as if something goes wrong whom to they contact, how to report, how to handle Awareness should be created on regular basis Encourage and involve them cybersecurity awareness training and quiz

Security testing can be fun and exciting, just show a couple of examples how to exploit simple vulnerabilities, deploy a special application like WebGoat and take it's access metrics, showing the increase in staff engagement.

Best way to connect folks outside the domain is mutual learning. Being from cybersecurity background, you will always have unique value to add to someone’s knowledge base and those informal discussions can help you learn some new avenues as well which we might miss due to focused learning. Such informal discussions are best way to connect, network and learn mutually

Having a collaborative approach is the key to having new ideas. This will boost the influence to let others understand your point.

Collaborating and innovating with colleagues across the company has revolutionised our approach to security solutions. Inviting input and ideas from various departments has not only enriched our security strategies with diverse perspectives but has also fostered a sense of ownership and responsibility towards organisational security.

Be a colleague and partner, not a cop. If people see you as the Judge Dredd, they're more thank likely yo be unwilling to work with you and listen to what you have to say.

Promover discuss?es que consigam conectar os temas ligados à seguran?a com necessidades do negócio e novos projetos, demonstrando que podemos agregar valor com a redu??o de riscos operacionais/ estratégicos/ tecnológicos de maneira descomplicada criará uma rela??o de confian?a que se consolidará a cada nova demanda. é muito importante manter também rela??es após implementa??es, acompanhar o dia a dia para que Seguran?a seja vista como uma área parceira e habilitadora e n?o uma estrutura que dificulta e bloqueia recursos.

No doubt you will have shared common risks, goals, or targets. A shared and common motivation to ensure that data is secure, is used properly, and that teams are properly supported to work within security requirements. Anchor yourself around those elements to build the authentic partnership you need to support each other.

Despite my preference for independence, I recognize the importance of networking and building relationships outside my immediate sphere. By making myself accessible and approachable, I encourage open dialogue about security concerns and foster a collaborative environment. This helps in growing my professional network and building a robust security culture across the organization.

Giving back is critical in any professional field, information security is so nuanced that practical experience trumps what's in the books, always be willing to ask for and give help freely. Goes a long way in making others appreciate your point of view.

Work hard to build relationships with people at other organizations and in other departments. Grow your personal brand and expand your personal network. Take advantage of social media - read and post articles in areas of interest. Follow individuals in your profession online. Take advantage of gatherings where you can interact with other professionals and share ideas. By growing your personal network, you are also growing your foundation of knowledge. These are the people that you can lean on in the event that you have a question about something and need direction on finding an answer. Or maybe they have the answer - even better!

Cybersecurity is considered by many as a "niche" but at the same time they admit that cybersecurity is connected to all kind of peers and departments in all organisations. This makes mandatory for cybersecurity specialists to develop soft skills in communication and not only be able to present slide decks or talk about a/your specific subject(s). So to me it's important not to only participate to cybersecurity events but also be curious in many domains and have conversations on all kind of subjects. Being present at non-cybersecurity event is one way to reach different kind of profiles and to enhance the horizon.

Mettre le réseautage en 5e position est pour moi une grossière erreur ... Travaillant dans la cyber sécurité depuis plus de 25 ans, j'ai rapidement compris que le plus important était de partager les expériences; partager en toute confiance des informations pour que chacun puisse grandir et progresser dans son quotidien... simplement... et même (le plus souvent) de manière désintéressée... en tout cas pour moi c'est le plus important et ?a a toujours été ma caractéristique de vie ... et pas uniquement dans la cyber

I think celebration and appreciation is one of the most overlooked components of building relationships of any kind. In terms of at your place of work outside of your department, publicly showing appreciation and celebrating good and hard work can go a long way in building lasting relationships that get things done.

Implement process in organization to participate in security activities, like any one can report security incidents, vulnerabilities, loop holes in org. And ensure all the activities are taken care and appreciated.

Celebrating and appreciating with teams in cybersecurity, as with any other field, is important for fostering a positive and collaborative work environment. We can celebrate successes such as successfully mitigating a security threat, completing a project milestone, or achieving a security certification. Appreciating team members can involve recognizing their hard work, innovative ideas, and contributions to the team's success.

Utilize collaboration tools to facilitate communication and knowledge sharing with individuals outside your department. Platforms like LinkedIn, intranets, and project management tools can help foster collaboration, streamline workflows, and encourage innovation .

In my experience, fostering a culture of celebration and appreciation is vital for cultivating relationships beyond the Information Security domain. It's about authentically acknowledging the unique contributions of my colleagues, instilling a sense of value and belonging. Sharing successes and lessons learned promotes transparency and mutual growth, igniting collective enthusiasm and resilience. Expressing gratitude and commemorating milestones consistently enables me to nurture a culture of positivity and camaraderie, strengthening bonds and collectively propelling the organization towards shared goals.

Trust. This is the currency of business. Everything you do as a security leader needs to help build, maintain, and protect the trust you have built with your constituents. Trust comes with the basic components of consistency, transparency, and intent. Do you consistently act in a trustworthy way? Are you transparent about your goals, intent, and decisions? And lastly, is your intent good, meaning, do you have others best interest in mind, or just your own? Build trust, you can build relationships, which then build influence. Which allows you to work closely with your business to bring good risk decisions to your organization.

Building relationships with people outside of the information security department is crucial for effective collaboration and alignment of goals. This can be achieved through cross-functional projects, regular communication, consultation & support, social activities, feedback and collaboration. By actively engaging with colleagues outside of the information security department and demonstrating your willingness to collaborate and support their needs, you can build strong and mutually beneficial relationships across the organization.

Collaborate across departments for teamwork. Attend non-security meetings to promote collaboration. Network informally to build relationships. Seek feedback on policies for inclusivity. Customize cybersecurity training to be a trusted advisor. Share updates on threats to keep colleagues informed. Keep channels open for reporting incidents. Provide timely support for trust reinforcement.

To resolve conflicts within the IT Strategy team, facilitate open communication. Schedule a team meeting to address concerns, encourage everyone to express their perspectives, and actively listen to each team member. Identify common goals and work towards finding a compromise that aligns with the overall objectives. Establish clear roles and responsibilities, and foster a collaborative environment to enhance teamwork.

In the realm of security software sales, trust is paramount. It's the invisible thread that binds a seller to a buyer, fostering a relationship that transcends mere transactions. Yet, it's not blind faith we're advocating for. Just like in security, "trust but verify" is our mantra. We believe in the power of credibility backed by tangible proof. #SoftwareSales #TrustButVerify #secupi #datasecurity