Labeling the field of cybersecurity may seem like something of little importance. However, it can drive the dynamic of how an organization handles cyber initiatives. Many people miscategorize it as an industry in itself. That’s not accurate. Cybersecurity is a support industry. It wouldn’t exist without being part of other sectors—manufacturing, healthcare, financial services, etc.
Placing cybersecurity in the right classification matters in how a company thinks, acts, and responds to cyber threats. Failure to see it as a support industry can cause failures and misalignment. It’s a statement I make with context on why in my book, The Smartest Person in the Room.
In this post, we’ll go over why it’s a support industry and why that positioning is so vital.
In calling something a support industry, it means that it supports others. At its core, cybersecurity is the pursuit of protecting data, computers, and networks. All those assets belong to a company that is within a designated industry.
Business leaders expect cybersecurity teams to be the protectors of their digital footprint. When organizations treat cybersecurity as their own silo, it causes elevated risk and disconnection between cyber initiatives and business ones.
But what about cybersecurity firms that provide services?
Cybersecurity Companies Are Still Part of the Support Industry Ecosystem
The categorization of industries is rigid in some instances, such as the NAICS (North American Industry Classification System). It’s what governments use to classify businesses. In most cases, the term industry is not so defined.
Cybersecurity firms that act as the provider of managed services would consider themselves a sector within NAICS, but that has little to do with the practical aspect of how a company works. Cybersecurity organizations still support other industries and should keep that top of mind in how they conduct their partnerships with customers.
Without the “support” part of the description, a cybersecurity department or company may forget its purpose. Egos become bigger, communication between groups collapses, and failures occur. Next, we’ll look at what those consequences could be.
Without ‘Support,’ Cybersecurity Teams Stray from Their Path
Aligning with support is crucial for cybersecurity to be effective. Taking away this element can lead to moving off the path and into greater risk and exposure. Here’s what that might look like.
Many failures in cybersecurity are the direct cause of poor communication. It’s typically on the side of technical people. Those cybersecurity professionals that believe they are the smartest people in the room don’t want to discuss what their clients need or want (whether that group is internal or external).
Conversations about the basics of protecting data and supporting those that use it, and systems, aren’t important to them. They have all the answers and certainly don’t see themselves in a supporting role. They believe they are the stars of the show and always know what’s best, regardless of what their clients want and need. They are often incapable of listening except to respond and refute. Such behavior erodes trust and hinders innovation. Should an incident occur due to a lack of communication, they’ll be looking for others to blame, even though they were in control.
Business Goals and Cybersecurity Strategies Don’t Align
Another issue that occurs when cybersecurity omits support is misalignment between business goals and cybersecurity strategies. In an ideal scenario, cybersecurity would support goals. Those business goals, in terms of technology, could include things like improving response times, reducing costs, or implementing more automation.
If cybersecurity believes it has autonomy, it may dismiss these goals and not prioritize them. They could have their own goals that negate what the business is trying to achieve in terms of enterprise pursuits like digital transformation. Now groups become antagonistic instead of collaborative. That’s a nightmare situation that could lead to many failures regarding security, wasted resources, and missed opportunities.
Cybersecurity Crowning Itself as an Industry is the Product of Fixed Mindsets
Mindset is a critical component in cybersecurity. It’s the second step of the Secure Methodology, which I developed in my book. The Secure Methodology is a framework with seven steps to help leaders transform technical teams into better communicators and collaborators. It focuses on soft skill development that makes cybersecurity professionals more adaptable, flexible, and adept at preventing and responding to threats.
In the section on mindset, I present the two types: fixed and growth. You can already guess that fixed is closed. That’s the kind of environment that exists when cybersecurity excludes support. The impact of this can be substantial. If employees aren’t willing to change and grow, neither will how they approach cybersecurity.
This limiting mindset isn’t easily lifted. There are exercises and strategies in the book. In terms of its effect on the support aspect, it creates unmovable minds who don’t feel obligated or responsible to serve anyone but themselves, and there may be nothing more concerning than this.
A Cybersecurity Culture Lacking in Support Becomes More Toxic
So, what happens if those on your cyber team refuse to consider themselves as support personnel? Eventually, it’s going to become a toxic culture. That’s because your managers will continue to hire people like them. They don’t want anyone who would challenge any of their ideas.
Instead of bringing in people with soft skills who have growth mindsets and understand cybersecurity as a support industry, they’ll stick with those like them. Soon you may have a team of people who think they are the smartest in the room. They will choose only to support their strategies and initiatives. You don’t want to get to this place because that’s when your risk exposure is the highest.
So, these points are a bit grim, but it’s important to understand where you could be heading and correct course. Here’s what can happen when your people gladly accept their support role.
The Other Side: What You Can Achieve as a Support Industry
What changes could your cybersecurity group realize if they categorized themselves as a support industry? There are many advantages to this being part of your foundational culture.
Support Teams Understand the Value of Agility
A well-run support team must be agile and adaptable. Cybersecurity and the needs of a business change constantly. When your people see their role as a team that must evolve as threats, risks, and objectives do, you reduce the chance of failures.
Adaptability is a key people skill that cybersecurity professionals can have. It’s so important to be supportive, as well, because they understand their role is to bend to the organization’s needs, not their own!
Communication Comes from a Place of Being a Partner
Does the way your team classifies themselves impact communications? Yes, it can because it’s a different dynamic. When cyber professionals assume a supportive role, they want to hear from all the stakeholders. They are willing to discuss many possibilities that will serve the needs of their clients.
Communication that’s transparent and honest is the most essential aspect of a cybersecurity team’s ability to protect. If poor communication is what puts a target on you, then impactful communication does the opposite.
Communication skills aren’t impossible to develop and improve. There are many exercises in my book specific to this, and the more you hone this, the better off all your people will be (at work and in life).
Support Industries Learn from the Past; They Don’t Repeat It
Yes, we are all doomed to repeat the past if we don’t learn from it! Your cybersecurity folks are no different. There will be incidents, as there’s no foolproof way to operate in a digital world. It’s what happens after that matters.
A support team wants to dissect the issues and get to the why, so they learn. They take what they find from this experience and let it shape how they approach security in the future. These moments can also deliver this when your people have a support mindset.
Support Philosophy Drives Innovation
When one group supports an enterprise or a client, they are eager to understand the challenges and work toward resolving them. These are often highly complex and novel, requiring new approaches and ideas. That’s where innovation happens.
People push themselves to produce better solutions when they see their efforts as supportive. In a closed mindset that dismisses support notions, there is little innovation because it’s unknown and uncertain, and they don’t care about outcomes.
These are a few of the positive outcomes of categorizing cybersecurity as a support industry. When your employees operate this, it just makes everything smoother. There’s less conflict and animosity. It strengthens collaboration and trust, and any team will be better when these things are true.
How Do You Categorize Your Cybersecurity Team?
You may not have explicitly thought about this before. However, you can now see how pivotal it is to designate cybersecurity as a support industry. It can considerably impact how your people operate and how well they keep things secure. You can learn more about building a team that realizes the value of being a support industry by getting your copy of The Smartest Person in the Room.