How the structure of a security team can impact cybersecurity
The role of the CISO has broadened over the years, and the same is true of security teams, which now need a variety of different skills. For instance, an organization might have a security team member who focuses purely on application security, but that role would tie directly to other roles in information security, data management, and compliance. It’s also important to have non-technical people, such as those in roles focused purely on communication and culture, or on employee awareness training.
Companies like scoutbee, which serve big client organizations, will usually have a commercial officer in charge of making sure all compliance obligations are met for each live contract. This is a perfect example of the holistic or “horizontal” approach security teams need to take for modern organizations to become more effective and resilient. A slightly archaic mindset still plagues some businesses, in which each department’s concept of security is siloed: they might think that all they need is an engineer or an architect, but then they realize they also need to take care of governance, contracts, SecOps and more. Soon their team budget gets out of hand. If, on the other hand, their security strategy were centralized and holistic, they could move much more quickly as a business.