On August 19th Presidio Federal’s CTO, Craig Heartwell spoke at GovernmenCIO’s event on National Security. Cybersecurity is increasingly becoming synonymous with national security. As we become more connected, integrate technology into our infrastructure, and work to ensure that our supply chains are secure, technology leaders must continue working on strategies for securing our nation. Many federal agencies are adopting Agile methodology and a DevSecOps approach to software development by merging development and security teams. Integrating cybersecurity teams across IT departments is a growing trend in IT, but enacting lasting cultural and procedural change is no easy feat.
During this event, Heartwell talked about how to build strong cyber teams that can be integrated across an organization to facilitate seamless communication, quicker response times to cyber incidents, and improved resiliency. He addressed characteristics of a strong cybersecurity team, the cultural friction that organizations sometimes experience when implementing cybersecurity teams (and how to avoid it), tips for staffing cybersecurity teams.
Here is an excerpt from Craig’s remarks at this event:
“A strong cybersecurity team is a fully capable, multi-functional, diverse team with broad skills including development, analytical and people skills (or “soft” skills). A cybersecurity team is a full-time, dedicated, independent entity. It is important to recognize that a cybersecurity team is a separate, focused entity populated with full-time, dedicated resources; cybersecurity is not a role you add to someone’s existing workload.”
“Introducing a cybersecurity team into an organization is an important step toward maturity. It requires forethought and strategy for aligning the team with the rest of the organization and creating a security-embracing culture across the organization. And be patient even in the face of urgency – it takes time to do everything you need to do to establish a rock-solid security profile, and it’s a continuous process that will never end, so you need the cybersecurity team to be a beloved part of the family.”
You can hear some of Heartwell’s remarks here: