You need to face a painful reality: IT security departments have a mixed reputation. At best, security is respected for keeping companies safe during attacks. The rest of the time, IT security is seen as “the department of NO” for opposing technical innovation. That perception makes it harder to do your job effectively.
If you leave this image problem unaddressed, you’ll face issues with scaling. Executives will start to rely upon third parties and consultants. Business-managed applications will start to become more important. IT leadership will be sidelined from important strategic meetings.
Don’t let that happen to you!
Use these seven techniques to position the IT security department as an enabler of scaling. Let’s use the Investopedia definition of scalability:
“Scalability is a characteristic of a system, model or function that describes its capability to cope and perform well under an increased or expanding workload or scope.”
In 2019 and beyond, scalability requires technology that can quickly adapt to new customer demands and security threats.
1. Change the IT Security Mindset
The first step in organizational change for IT security lies within you as the leader.
You need to see IT security goals in the context of an organization’s broader ambitions. For example, if you work at a bank that aims to become the best in customer experience, then innovation and flexibility are parts of the picture.
Action Step: Mentally switch places with the CEO. Now, ask yourself whether IT security is making appropriate contributions to the company’s goals.
2. Clarify Scaling Goals with Business Leaders
Without a crisp definition and metrics, scaling is a meaningless buzzword. There are two ways to obtain the needed clarification. First, start by reviewing written goals and objectives documents created by the senior management team. Look for goals related to customers, revenue growth, retention rates, loyalty, and operations. After you review these documents, set up meetings with at least two senior managers or executives to clarify what scaling means to them.
Clarification questions to ask include:
- What growth goals matter to you?
- What has disappointed you in IT growth in the past?
- What technologies interest you and why?
- What feedback do you hear from sales and customers?
You might feel that you already know the answers to these questions. Nonetheless, it’s essential to ask them. These kinds of strategic meetings are vital to positioning IT as a division interested in enabling growth. Further, you’ll deepen your relationships with the business.
Action Step: Review the company’s meetings and identify which relate to scalability issues.
3. Equip IT Staff to Support Scaling
In the previous step, you looked outside of the IT organization. Your next move is to take a critical view of the IT department’s scaling capabilities. You should examine a few areas with your staff.
- Response to incidents and issues: Examine recent issues, system failures, and related problems. What do these issues tell you about your ability to grow quickly? For example, you may find that aging infrastructure routinely fails whenever traffic and transactions surge. Issues will happen even in the best organizations. The key question to ask is this: How much IT security staff time is taken up with responding to these issues? If the answer is more than 20%, your department is likely in a reactive mindset. That needs to change if you’re going to enable growth.
- Review your organizational structure: How many direct reports do you have? Are teams structured to allow coverage for vacations and the like? As an IT security leader, you need to evaluate these types of staffing issues to enable scaling.
- IT staff skills and competencies: You’re probably used to tracking how many staff members have IT security certifications. The next step lies in equipping your staff with new skills, such as scrum and cloud certifications.
- IT staff attitudes: Through meetings, employee surveys and other means, ask yourself whether your team is oriented toward scaling. If you have a large IT security organization, meaning anything more than 10 staff members, then we recommend carrying out a formal survey.
Action Step: Set aside half a day to think through the needs and capabilities of employees. Don’t make the mistake of assuming human resources will do this work for you. HR may have policies on training, development, and career paths.
4. Stress Test IT Systems for Scaling
To become proactive in supporting scaling, borrow an idea from the banking industry: stress testing. You’ll need to make some time and resources available to support this work. Here are some ways to execute this technique to enable scaling.
- Vendor-provided stress testing: Reach out to your technology providers to see which stress tests they can offer. For instance, discuss whether they can simulate an attack or a surge in traffic.
- Cyber scenario development: Most cyber staff members love the process of dreaming up new scenarios. As an IT security manager, challenge these scenarios to enable growth. Make a plan to implement 1-3 scenarios to be developed per year.
Action Step: Schedule an hour on your calendar to explore stress testing. This will set the groundwork to enable scaling growth.
5. Eliminate IT Security Tasks with Automation
How can you add capacity to your IT security team without hiring? It’s simple; implement cybersecurity implementation tools. We recommend you focus on two areas:
- Identity management automation: Use Group Enforcer to streamline access requests based on an employee’s role, rather than setting up each user manually.
- Password Management: Give your end users the ability to manage their passwords. That’s
easy to do with Password Station. It’s the fastest way to eliminate time-consuming calls to the help desk.
Action Step: Identify one automation opportunity for cybersecurity and start to build a business case for it.
6. Identify Acceptable Trade-offs to Support Scaling
Even with improved capacity from automation, there are still limits to what IT security can achieve. To address this issue, create a list of IT scaling trade-offs or tasks you’ll stop doing. For example, you might adjust the number and intensity of IT security risk assessments.
Action Step: Determine two “stop doing” activities you can eliminate or reduce to support scaling.
7. Go on Customer Visits
To keep your finger on the pulse of the company’s customers, make time to visit them quarterly. This will give you a first-hand picture of the roadblocks customers face. This technique is especially valuable if your company produces software.
Action Step: Contact the VP of Sales to schedule one customer visit this quarter.
What should you do next?
Choose one technique from this article and start working on it today!