Darkreading.com reported that CISOs recommend that you get “people to fall in love with the security team, and you'll get them to care about security,…” The October 25, 2019 article entitled “Building a Cybersecurity Culture: What's Love Got to Do With It?” also means that CISOs should speak in plain language, not gizmo talk!
The article included these comments from Fredrick "Flee" Lee, who is the CISO at Gusto (a cloud-based payroll, benefits, and human resource management software provider):
The key to building and instilling a security culture within an organization is to make security lovable,…
Security can't hide behind their hoodies, so to speak.
Security should be the most approachable team in the room so that other teams within the organization want to actively engage with [them], instead of skirting around [them].
…you want your security team to be approachable — to be seen as the helpers, he says.
Nail that and suddenly security isn't seen as a roadblock or barrier; it's the team who's going to go out and find solutions to securely enable products and features that weren't possible in the past.
You don't get someone to fall in love with a sport by throwing the rule book at them,…
…keep his security folks visible year-round by seating them among the teams they support.
Love this advice, don’t you?