Okay , today , on Cyber Work Hacks , my guest is InfoSec skills author and teacher , cicero Chimbanda . Now , cicero's skills path concerns building the soft skills needed to succeed in the role of cybersecurity manager . So for today's hack , cicero tells us his best tip for cybersecurity managers to keep their security teams fulfilled and connected .
As we speak , many companies are entering their Q2 and Cicero has great advice for taking Q1 successes or not successes , and using the framework to reinforce the connection between the team and leadership and being a conduit that moves between each of them . There's some excellent advice for cybersecurity managers of today and for cybersecurity managers yet to come .
So to keep it here for today's CyberWork Hack . Hello and welcome to a new episode of Cyber Work Hacks . The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick , clear and actionable solution or a new insight in how to utilize InfoSec products and training to achieve your work and career goals .
So for today's hack , my guest is my longtime friend and InfoSec instructor and collaborator , cicero Chimbanda .
Now , cicero has been a guest on CyberWorks several times discussing his specialty , which is the soft skills needed to be an effective cybersecurity manager , so I'm hoping you can go back to our YouTube page or our podcast page and look up Cicero's past episodes , because they're all great .
So today I'm going to be talking with Cicero about a series of hacks for security managers and the security managers who are yet to come . So today's hack is very straightforward , so I'm just going to get into it . So , first off , cicero , thank you for joining me today on CyberWorks Hacks .
Thank you , Chris .
That's great , yeah , great , to have you back . Absolutely so , cicero , this is going to be a different kind of hack today . It's answering a single question , but it's kind of an open-ended one . So I hope you'll indulge me . Cybersecurity managers have a lot of obligations to their company .
They have to keep them secure , they have to keep the methods and tech they use relevant and up-to-date and in line with budgets and , importantly , security managers need to manage their security team .
So , based on your teaching and personal experience , what is your one biggest tip for security managers that they can implement immediately that will keep their security team more fulfilled , cohesive and , in general , feeling like they're a vital part of the security team and the company ?
Chris again , thank you again for having me . I think it's a great question , a key question , and I don't know when your audience will listen to this , but I will make it universal . I think , first of all , staying strategic .
I think that's always key Not being lost in the weeds , but one thing that one can do right now we're ending , we've just ended Q1 and we're beginning Q2 . And one of the ways to stay strategic in your role as a security manager is to always I like to call it the head and tails .
You know , if you look at a coin , you got a heads and tails and it's a look in and look out . That's how I look at it . And so looking in , and Q1 just finished how I look at it . And so looking in and Q1 just finished . I think one thing as a manager , you want to make sure you're tracking your people's strategic projects .
So how did it go the first Q quarter ? Okay . Now , if you're in a different quarter , you could do the same , depending on what quarter , and just making sure that your team they're not facing any roadblocks if there's projects associated , Giving constructive feedback to your team . And I think one other thing is revisiting the training for your year .
Making sure that your team has looked into what are the training courses they're going to take , what conferences they're going to go into , conferences they're going to go into if they're going to do anything this year . So making sure that your team feels like , hey , you are behind their strategic initiatives .
So that's a looking in within your team , but you also want to make it relevant to the business , as you asked , and that's to look out , and that's to look out . So Q1 is finished , Q2 is about to begin .
No-transcript embed myself into their meetings , bring a couple of my senior members with me and to communicate hey , here's what we're doing as a cybersecurity . These are big initiatives . This is how it's going . We're just finished Q1 , giving them a sense of , hey , we are working on your behalf .
But number two , asking the question and listening to the business units how is it going ? How are we doing as a cybersecurity department or organization ? Because we don't want to just be again the no department . We want to be the enablement and the secure . We want to make sure that they know we are aligning our projects to their business initiatives .
So that's really a key component of what I would say one can do right now .
Yeah , I think that's a really great point , and especially , I think , because we don't really think about it all the time . But Q1 starts right after . You know what , for a lot of people , is kind of a holiday year reset , and you're you know the first quarter is spent . You're sort of working your way back up to it .
So as you start Q2 , it's important to see what was happening in this sort of odd times or whatever , and how you can be sort of this two-way conduit . You're making sure that you know your team's goals are being , you know , communicated to the leadership and leadership's goals are being communicated to the team .
So I think that's a really great insight and a really great sort of focusing mechanism for you at this point in your journey . So , if any , are there any challenges in implementing a change like this ? What do you think are the challenges in getting this started ?
Great , great , again , great topic . So I think the first one is there's going to be negative dynamics . You know , whenever you're asking to , you know , unravel or lift up the leafs , you're going to find something , and so negative dynamics are going to come up in your teams . There's going to be some conflict resolution .
You're going to have to play that mediator in your team . So you want to get rid of all those obstacles at the beginning . Don't wait till they surface and they become a problem .
So if you ask the questions , how's it going , how are things going with the teams , if there's smaller groups or project teams that are working for the first time , just asking those questions , so those dynamics will come up . Just be ready to address them . The other one is one thing that I love .
People can get lost under specific rules as they're hitting in the ground . You know some people might overreach , they might get off of their lane , they might not be in their lane . So it's a good time to reaffirm people's roles and responsibilities .
Hey , remember , yes , you're doing this , you're getting caught up on the day-to-day mundane , but remember your role is you're an administrator for this appliance . Your role is for training the users , for user awareness . Your role is . So reaffirming people's roles and responsibility can help them stay in their lane .
So reaffirming people's roles and responsibility can help them stay in their lane . And then , lastly , I would just say people sometimes may be timid , may not be , may be insecure . So empowering your employees , reaffirming that you are behind them , and so those are the things that I would say .
These are some obstacles that might surface as you are unraveling these questions .
Those are great things to watch out for . Is there a first step that you could take to make this process get underway today , after you're watching this podcast ?
Schedule the meetings Calendar . If you got calendary , like my good friend Chris has , you know , start putting out in your calendar when you want and you know when you want to meet with your team individually , collectively , and when you want to get on the calendars of the business units . Business units are busy , they have speakers .
So I actually just did that two weeks ago and I got myself an agenda of my strategic business units . They got me lined up , they gave me the topic I'm bringing in . So just get in the calendar of your business units . They got me lined up , they gave me the topic I'm bringing in .
So just get in the calendar of your business units and get your employees in your calendar .
Yeah , that's a great prompt , obviously . So you have a hard date in your calendar . It's time to make action there . So , as I said at the top of the episode , cicero has a learning path on InfoSec skills pertaining to security manager soft skills . So , cicero , what will Inf ?
Yeah , I'll start off with the strategic . We're talking about being strategic , so , as soft skills , we use the model which is STS , which stands for strategic security .
So we want to make sure we're staying relevant with the business units and an industry focus , whatever industry health care , financial , government or even non-for-profit if you're a non-for-profit , so stay strategic . The other thing you'll learn is the T , which stands for trust . Trust is to understand the rules of the road , the course .
I just finished running a half a marathon over the weekend . I like to run and thank you , and it was a course that I've run before , but they changed the course , so I needed to make sure I looked at the course before I ran . I didn't , you know , and it's the same thing in our industry , rules change .
You know , the government regulatory , so we need to stay of what the rules are . And then , lastly , the S is stability the rules are . And then , lastly , the S is stability . You'll learn how to make sure your cybersecurity is aligned , to make sure your company stays stable .
Love it All right , that's a great summary there . So , Sushant and Banda , thank you for providing our listeners with your management and leadership insight . This is great to talk to you again . Thank you , Chris , and thank you all for watching this episode .
Now , if you enjoyed this video and felt it helped you , I hope you'll share it with your colleagues and on your forums and your social media accounts , and please like , subscribe . If you have a place to review , please review our show on your podcast feed or your YouTube page . Just type in Cyber Work InfoSec into any of them and we'll pop up like magic .
We're actually surprisingly easy to find , despite the very universal keywords , but there's plenty more to come for learners of all levels . So if you have any topics that you want us to cover , just drop them in the comments below . But until then , I will see you next time . And for Cicero Chimbanda and I , happy learning .
Hey , if you're worried about choosing the right cybersecurity career , click here to see the 12th most in-demand cybersecurity roles . I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence . I'll see you there .