
What security professionals can learn from interdisciplinary teamwork

September 15, 2016 by Dawn-Marie Hutchinson


The following is a guest post by Optiv, a 2016 Secure360 Wisconsin Gold Sponsor.

These days, security professionals are asked to be knowledgeable about a wide range of topics. Not only is the technical aspect of the job ever-changing, but healthy knowledge of legal, financial and other issues is becoming less of a bonus and more of a necessity in this field.

Effective security programs require complete knowledge of many issues, but it’s nearly impossible for one person to be an expert in audits, every type of law, information technology and many, many other disciplines.

For years, elite athletes have touted the value of “cross-training,” or training in something that may not be your profession, but will help you do your job better. Interdisciplinary security teamwork can bolster security professionals’ knowledge in areas that may not be part of the job, but will help them do their jobs better.

Listen

While the most obvious, this also can be the most difficult piece of advice to adhere to. If you have a privacy lawyer on the phone while investigating a breach, listen to what they have to say. It can be all too easy to fall into the trap of “being an expert” anytime you deal with someone outside your industry. Even if you have run into a scenario a dozen times and think you know what the lawyer will say, listen. You may learn something new, get an update on standard practices or a simple refresher from someone who knows more than you.

And always remember, you need their help, so take it.

Ask questions

You’d be surprised at how many people are afraid of asking questions about even the most highly technical industry terms. When you find yourself in an interdisciplinary situation, understand that you will not know terms, techniques and commonly-used tools. That’s OK! If someone uses a term you don’t know, do not hesitate to pause and have them explain. If you create an environment where questions – even simple ones – are encouraged, everyone in the room will be better off, and you’ll all leave a little bit smarter.

On the security pro side, don’t wait for questions. Make sure you break down the densest lingo or scenarios into terms everyone can understand. Never assume everyone knows everything.

Get on the same page

An easy way to ruffle feathers is to let the “knowledge gap” grow too wide. Explain things that are obvious (“you should change your passwords”) and you fail to demonstrate value. Off-handedly explain things that are technical (“your IAM program is vulnerable to third-party risk”), and you could alienate your interdisciplinary team.

Setting a baseline of understanding is key. Remember, this is a team effort. If someone is missing a playbook, help them out.

Be realistic

One goal of interdisciplinary teamwork is to gain perspective to help a security program run better. But don’t try to bite off more than you can chew. After some meetings, it can be easy to think you can do more than you actually can. You aren’t suddenly qualified to be an intellectual property lawyer because you spent an afternoon in a conference room with one.

I call this “doing the doable.” Ask yourself “is this doable?” from a resource, time, efficiency and effectiveness standpoint. Try and create action plans, review them and then assess if it’s possible. Taking knowledge back to your team without any sort of realistic plan to implement it is a wasted effort.

Be open-minded

Lawyers and accountants are the professionals you are most likely to work with during cross-disciplinary sessions. They may not – and should not – be the only ones. You may work with a client’s communications team or human resources or a litany of other possibilities. Each department of an organization will have varying levels of security knowledge, as well as unique goals and directives.

Don’t dismiss a department rep even if it is not obvious why they are there. If an organization has been breached, someone from marketing may have crisis communication experience, for example. When doing our jobs, sometimes we forget that security affects every level of business.

Filed Under: Guest Posts

About Dawn-Marie Hutchinson

Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as executive director, executive advisory at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.

While serving on the HITRUST working group for Data De-Identification, Hutchinson established standards and controls for the anonymization of patient level data and is credited with authoring the white paper for defining those levels, as well as use cases for the secondary uses of medical data. Additionally, she served on the HITRUST Privacy working group tasked with revising the HITRUST Common Security Framework to include additional privacy controls and the inclusion of NIST application recommendations.

Prior to joining Optiv, Hutchinson was the chief information security officer at Comm Solutions and also led the information security program at Urban Outfitters, based in Philadelphia. Her tenure in information technology also includes work at Walt Disney World, Co., Banknorth Group, Inc., Independence Blue Cross and Protiviti.

Hutchinson currently sits on the Cyber Security Canon Committee, was the recipient of the CRM Women’s Power 50 award and holds accreditations that include Certified Information Security Manager (CISM), Certified in Risk and Information System Controls (CRISC), Certified Information Systems Auditor (CISA) and former Payment Card Industry Qualified Security Assessor (QSA). She is also a 2013 Master’s of Business Administration graduate of the Saint Joseph’s University Haub School of Business.
