Adaptability and agility were the themes of 2020. Businesses had to make quick decisions to be flexible in a world of uncertainty. Both of these ideas apply to cybersecurity, but they aren’t the result of the pandemic. Adapting in cybersecurity and being agile have long been hallmarks of the field. After all, there’s always a new threat or risk, so the industry is certainly not static.
In this post, I’ll offer some insight on cybersecurity adaptability and agility that I express in my book, The Smartest Person in the Room. Consider it a primer for reading it in its entirety. Hopefully, you’ll take away from it some ideas and strategies for being adaptable and agile in cybersecurity.
Nothing Is Certain, But Uncertainty
There is a lot of uncertainty in cybersecurity, but that doesn’t mean you can’t adapt. Uncertainty, however, is sometimes challenging for technical folks. They always long to know the answer, but that’s not the reality of cybersecurity. Being fearful of uncertainty is a fixed-mindset feeling, whereas embracing it is how a growth mindset interprets it.
Embracing uncertainty doesn’t mean leaving things to chance or being carefree about it. Life is full of uncertainty; it’s the only thing we can be certain of and rely on. What it sets up is a perspective to be flexible and adaptable to change.
Since we can only be certain of uncertainty, this can cause fear, denial, and more for cybersecurity professionals. But the ability to adapt isn’t just good to have. It’s imperative. There’s a reason why adaptations occur in the biological world—it’s adapt or die. And that holds true in the world of cybersecurity. Either your team can be nimble and evolve, or it will be impossible to keep data and networks secure.
People Are Conditioned to Believe Certainty Is Attainable
From a young age, we are conditioned to think that certainty is the standard and that we should only follow specific paths. Thankfully, many people take the other courses, fueling innovation and proving that adaptability is a crucial trait to have as a person and a professional.
Each of us only has the present. What happens tomorrow is sometimes out of our hands, no matter how long we prepare. The same is true in cybersecurity. You can have a team of talented people with experience and education, but that doesn’t mean they’ll know the newest threat a cybercriminal attempts.
Cyber attacks happen constantly. Those who deploy them are relentless. They are adaptable and agile in the face of cybersecurity protection. Thus, your internal team has to mimic those same characteristics, realizing that uncertainty is actually the norm. It takes a long time to implement this change and earn improvements. We must all let go of the fallacy that if we don’t achieve on the first try, it’s simply not achievable or worth further effort.
Uncertainty Is Part of Improvement
To become proficient at a skill, you have to hit improvements along the way. You won’t hit mastery without incremental improvements, and those are full of uncertainty. Failures are opportunities to grow and learn. If your team is too fearful of failure to innovate its cybersecurity framework, they’ll never improve. They will remain in that valley, and cybercriminals will keep getting better and smarter.
It goes back to embracing a growth mindset of persistence and perseverance. Very few life-changing inventions went right the first time or the hundredth time. You often must get worse before you get better at something, but technical folks who struggle with always wanting to know everything aren’t going to get over the humps. They’ll stop and revert to old ways. That’s harmful to their professional and personal growth. It also puts your data and networks at risk.
Why You Need to Adapt People, Processes, and Strategies
Let’s get honest about adaptability in cybersecurity, looking at people, processes, and strategies. People are the hardest to adapt. Those people set the processes and strategies. So, you must work on the people first, and technical people are often some of the hardest cases.
It requires altering behavior. The idea of behavioral flexibility, which I cover in my book, is that people can alter behaviors to match a situation. Cybersecurity is dynamic and ever-changing, so change can be at a rapid pace. So how can you adapt people?
- Communicate differently: Leaders should embody empathy in communication regarding the struggles of black-and-white, ones and zeroes professionals. A good tip is to avoid the word why and to lead with what and how.
- Develop employees’ soft skills: People skills are imperative to adaptability. Focusing on developing and fostering these will be beneficial.
- Value reflection: You and your team can learn a lot from reflecting on a specific issue and incident. On the one hand, you can forensically break it down to the facts. Additionally, there are the more abstract aspects like feelings and motivations.
- Encourage flexibility in thinking: Achieving a robust cybersecurity position doesn’t occur with rigid thinking. New problems arise all the time that don’t fit the mold. If you urge for flexibility in cracking them, you’re likely to come up with better solutions.
- Keep learning alive: Your technical team may have cybersecurity certifications and college degrees. Those don’t, however, mean a lot in the real world. That material can quickly become obsolete, so creating a culture of knowledge and learning is good for all. If you have people resisting this, that’s likely a red flag. You can address that with them individually and make the decision together if they can commit to adaptability.
If your people can grow and change, realizing the advantages of adaptability, they’ll then be able to work on processes and strategies. These should always be flexible because what works today may be obsolete tomorrow.
Why Agility Matters in Cybersecurity
Adaptability and agility aren’t the same thing, but they have the same roots. Agility is more about being nimble with your cybersecurity operations. It’s something you can’t do without the assurance that you are adaptable.
Agility means you can pivot when things change. Everyone shifted a lot in the last year, as more pressure was put on digital channels and assets. That demand also meant a rise in cybersecurity attacks. When the industry turns, so do the criminals that want to steal data and cause havoc.
The key is to be able to make that turn as well. One of the most critical areas to do this is your cybersecurity framework. If it’s overly complex, agility is going to be hard to master. It’s certainly an area ripe for reform, and it’s the core of processes and strategies. If you can, simplify and demystify the cybersecurity framework. Doing so can set you squarely on the path to embracing uncertainty.
How Can You and Your Cybersecurity Team Embrace Uncertainty?
We’ll never win the cybersecurity war without embracing uncertainty. Staying in familiar and comfortable mindsets and positions gets you bested every day by cybercriminals. Technical folks often struggle with people skills, which are integral to the uncertainty conversation. If they avoid it in their personal life, why do they get into a field where it’s abundant?
The uncertainty they encounter is technical, so to them, there’s a logical answer. In the world of technology, computers are consistent. They respond the same way nine times out of 10. People, however, are inconsistent. Cybersecurity brings technology and people together. That’s a balance that errs on the side of uncertainty.
What people do with technology is the real crux of uncertainty in cybersecurity. You and your team will never have full visibility or awareness of every move of cybercriminals. The point is to evolve as they evolve.
One of the best ways to do this is to practice kaizen, the last tenet of my Secure Methodology. By following kaizen, you and your team can learn to embrace uncertainty to make improvements. In this way, you use it for moving forward, not standing still. You can learn more about kaizen and the other steps of the Secure Methodology in my book.
Adapting in Cybersecurity: Uncertainty Isn’t the Enemy
You don’t know what you don’t know, right? That can create a cloud of uncertainty, which can either overshadow or illuminate your cybersecurity operations. You’ll be in a much better position if it’s the latter. Getting there will take work and commitment, but it’s possible. Explore adapting in cybersecurity in The Smartest Person in the Room.