You Need to Know Why Humans Are Now the Biggest Challenge in Security

This year’s theme at RSA 2020 in San Francisco’s Moscone Center is possibly one of the most non-technological sounding concepts imaginable—the Human Element. And yet, many cybersecurity experts speaking during the week-long event will vehemently disagree. In fact, the universal behavior we all display as thinking, feeling and discerning human beings just so happens to also be a major factor in an industry consumed by computing technology. So, how does human behavior throw up road blocks in security and what are experts saying should be done about it? Let’s find out.

When it comes to discussion around data, threats, risk, privacy, management and the drive towards DevSecOps, it’s important to remember the impact human behavior can have on the practical application of these areas, especially in the way it can build (or break down) a positive and productive security-centric culture. Regardless of where you sit in the framework of an organization, fostering diverse, healthy teams—whether it’s dev, sec or ops—is critical to your success. This one tidbit of wisdom is so valuable, it’s serving as the center piece of the one of the biggest security conferences in the world. In fact, industry leaders around the globe put together an entire half-day seminar for RSA Conference 2020 opening day to emphasize the need for culture-building programs, effective cross-team communication, non-traditional hiring practices and programs leveraging talent across all generations, geographies and genders.

From “Come for the Mission, Stay for Culture” to “There’s a High School Dropout Waiting to Rock Your Hiring Manager,” the Human Element agenda was chock-full of insight on how to better leverage common frameworks, inform decision makers in risk management, mitigate new and emerging threats and build a productive security-centric culture. Through this lens of humanity, experts took on some big stumbling blocks in overall security programs, including more sensitive ones, like the downfall of toxic work environments and how competing egos between security and engineering can tank even the best efforts of innovation.

The biggest priority on everyone’s list? The need for more effective leadership. This remains a core issue in the supposed talent gap facing cybersecurity, as well as the efficacy of collaborating teams. According to cybersecurity thought leader, Malcolm Harkins, who presented I Believe, I Belong, I Matter this year at RSA, leadership is not just about sitting in the CEO chair, it’s about the art of mobilizing others to want to struggle for shared aspirations. To achieve this requires nothing more than faith, or an “I Believe” mentality, that imparts a sense of purpose and conviction to team members.

As a figure of leadership, it’s critical to believe your own message, otherwise no one else will believe in the message. After believe comes the need to belong. If you don’t belong, you can’t create a sense of belonging for anyone else. This means feeling genuinely connected to what you do every day because it carries value. And lastly, remembering that everyone matters in an organization is what makes individuals, from engineering to marketing, feel confident, validated and visible. And when development around understanding takes place here, we may begin to see the talent in tech we assume doesn’t exist is actually just potential talent that needs growth and attention to flourish. The more energy and focus we invest in talent, the greater it will become.

Leaders can press their understanding on this issue and boost emotional intelligence by asking themselves:

  • How much potential talent is there in our organization?
  • Are we sufficiently capitalizing on these potential talents? Why or why not?
  • What are the fears and perceived risks gatekeepers have that prevent the entry of potential talent?

In the trio of I Believe, I Matter, and I Belong, sits the ideal state of teamwork, where people feel fulfilled, connected and purposeful. When any one of these three requirements is absent, professional teams lack the “human element” of connection, which in turn pushes them to feel isolated, unimportant and unwanted. This lack of confidence doesn’t just make people feel bad; it can have real consequences on workplace performance. For people, the absence of any one of these three elements can lead to repeat failures, the need to improve execution and a lack of skills and focus when it’s needed most. So, how can leaders make a difference? They can share their “belief” by role modeling it for others, enhance their “belong” by finding a shared purpose within the organization and find ways to make others “matter” by seeing and recognizing team members as individuals.

With all the new technologies, methods and computing strength being used today by both security professionals and bad actors, the human element remains the one constant variable. We are the human element in cybersecurity. It is what joins us together, and oddly enough, also tears us apart. We are the ones of the front lines of data protection, from election hacking to the misinformation campaigns on social media. We are the ones making key decisions around privacy, ethics, usability and responsibility, which means our ability to grow into different roles is fundamental to our ability to protect the people and systems of the world. And when we all work as one, as is being touted this year at RSA, the security world itself becomes a better place.

*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by ZeroNorth. Read the original post at: