Mindset impacts everything we do. It’s the one thing someone can control in most situations. When your mindset is broad, overcoming challenges seems possible. Since cybersecurity is really a discipline riddled with challenges, you can see why mindset is so important. That’s why it’s the second step in the Secure Methodology. It builds on what you learned in step one awareness.
What Is the Secure Methodology?
First, here’s a refresher on the framework of the Secure Methodology. It’s a guide with seven steps featured in my book, The Smartest Person in the Room. Its purpose is to help organizations transform their technical teams into excellent communicators. It provides tools to think outside of ones and zeroes or black-and-white thinking.
Using the Secure Methodology can build a more collaborative group and enhance their people skills. As a result, your cybersecurity will be more adept at preventing and responding to threats.
In this article, I’ll briefly summarize the elements of step two mindset with a glimpse at what you can learn in the book that can impact your cyber professionals.
Two Dimensions of Mindset: Fixed and Growth
The idea of two different mindsets — fixed and growth — isn’t new, but it still provides the foundation for how to evolve it. First is the growth mindset. In this condition, people believe they are in charge of their own life. You realize you are the cause, not the effect.
Those with a growth mindset have no doubts that they can overcome challenges. They see possibilities where others don’t. They are willing to try new things and have curious nature that loves to learn. These people are solution-centric and have a passion for solving problems.
A fixed mindset is much the opposite. Those in this category think everything is set in stone, and they have zero control. They believe they are the effect, not the cause. In most cases, they are closed-minded and have no desire to learn and change. These beliefs limit everything they do. They are confined by them and stay stuck.
A growth mindset is what you’d like to see in all your cyber professionals. However, you’re probably already aware that’s not the case. So, why is a growth mindset so critical in these settings?
Without a Growth Mindset, There’s No Ownership of Actions
A growth mindset is flexible and adaptable. Those with it own their actions and can learn from them. Without this accountability, failure would always be the fault of someone or something else.
The willingness to lean into mistakes and grow from them is a skill that helps anyone in business and life. Because cybersecurity is a big puzzle with new pieces appearing constantly, a growth mindset allows people to adjust to this environment. Those with a fixed one won’t thrive. They just want to go through the motions, and that’s a big threat to your organization’s security.
Mindset’s Impact on Cybersecurity
The most vital aspect of mindset in cybersecurity is facing the truth. That means complete transparency around the threats posed every day and the weaknesses and vulnerabilities of a network. Growth mindsets can handle the truth; fixed mindsets are always running from it.
Lack of an open mind keeps people in the same routine of going through the motions of cybersecurity. They approach every project the same, overcomplicating it so they look like the smartest person in the room. These individuals have very narrow blinders on and simply recite the processes like it’s a monologue in a Shakespeare play.
Fixed mindsets can’t accept anything new, including solutions that are a good match for the issue at hand. If you have a team walking around not facing the truth, your organization could be in serious cyber trouble.
How Fixed Mindsets Bungle Cybersecurity
So, what does fear of the truth and an inflexible mindset look like in cybersecurity? Lots of examples are happening all around you. Here are some scenarios.
Penetration testing is a normal part of keeping an application secure. One can reveal many cracks in the security walls. Often, passwords and algorithms that generate them can have flaws.
Correcting for this doesn’t have to be overly complex. Yet, time and time again, I’ve seen cyber leaders do just that. Rolling out complicated authentication systems gives the illusion of better security. It can also be expensive.
When cyber professionals are too focused on their one way to solve a concern, they see no other alternatives. As a result, it makes things less secure.
Another example is simple communication within a team. It can be regarding a major project, a cyber rule, or another exchange. For example, you could be debriefing an incident, and fixed mindset people will communicate in a manner that deflects blame and offers no insight.
They cannot accept the truth of the situation and feel it was unavoidable because they did the things they’ve always done. That type of thinking will sink cyber initiatives and strategies. You’ve got too many people in the boat unwilling to paddle.
So, is mindset changeable? Can you put a fixed mindset through experiences that help them break free from it? First, people need to have the right commitment.
Commitment Is Crucial
A growth mindset is the first building block, but your team has to do more. They must commit to this mindset. In doing so, there’s no friction or barrier to trying a new approach to an old problem. So, it’s not enough to be in a place of growth; they also have to commit to evolving.
The commitment goes beyond that of change. Your team also needs to commit to cybersecurity. Without this, winning the war against cyber criminals is a losing proposition.
They also need to be dedicated for the right reasons. Cyber professionals that only see dollar signs won’t hack it. Cybersecurity is a hard industry. There’s a lot at stake. The pressure is palpable, and it’s constantly changing. A committed growth mindset enables professionals to be nimble and creative.
Transforming Mindsets of Your Cyber Team
Change, in any situation, is hard. It’s much easier to keep going on the same track and not deviate. However, that’s a one-way street to failure. So, you’ll need a solid approach to change these minds and hearts.
If there’s potential for a growth mindset and a commitment to cybersecurity, there are ways to support transformation. Here are some of the best tips for this.
By asking the right questions, you can take a person back to a moment to consider how they might do things differently. Be specific in the questions by asking for two or more things they would do to improve the situation.
Based on their responses, there are coaching opportunities. Reflection looks back, but you want them to take what they learn and move forward.
It may be difficult to pull out these reflections from people not used to doing this. You don’t want it to feel stressful or overwhelming because your mindset closes up when this occurs. The alternative is to recommend that they write about it for at least five minutes. This can be cathartic and move them toward opening up their minds.
Another method to use for mindset is asking why in the 7 Levels Deep Exercise. This is because it takes the average person seven questions to crack into their “why.” You’re peeling back the layers to determine true motivation by going through this exercise.
You can’t move forward with mindset change unless you know the person’s motivation. Not all motivations will align with an open mindset. If those reveal themselves, and there seems nowhere to go, those people may not be the best fit for your cyber team.
Acknowledge Small and Big Shifts in Mindset
Your mantra as a cyber leader in terms of mindset is that a growing one helps people succeed. When you see shifts in this, whether big or small, you should acknowledge them. It doesn’t have to be anything big but an appreciation of the evolving mindset patterns.
For example, your team could be discussing the latest phishing scams that are causing chaos. You have a protocol and strategy around phishing that combines technology tools and training. So, a fixed mindset would follow the same trail. If one of your employees speaks up about adjusting it to account for something new based on past learnings, that’s a growth mindset. This is an opportunity to reinforce this type of thinking. Share with your team why this response is what will assist them in winning the cybersecurity war.
Learn More About Mindset in the Secure Methodology
Find more insights, explanations, tips, and exercises on impacting mindset in The Smartest Person in the Room. With this information, you can develop your staff and help them evolve toward a growth mindset. You’ll also find all the steps of the Secure Methodology and how to integrate them into your cybersecurity operations. Get your copy today.