These 10 steps can help CISOs and other cyber pros deal with the inevitable change they will face in an industry constantly challenged by new technology, widening business responsibilities, and an ever-evolving threat landscape.
If there’s one thing that’s inevitable in cybersecurity, it’s change. Ever-evolving technology requires new protections, threats seem to multiply and morph on a daily basis, and even the humblest pieces of software and hardware demand constant updating to stay secure.
That work has been increasing as the importance, visibility, and impact of security initiatives have ramped up in recent years. Now, more than ever, security programs often require stakeholders within and sometimes even outside an organization to change workflows, practices, and behaviors.
A disciplined approach to change management in security is a must, says Ken Knapton, who provides CISO and CIO services through his IT services firm Rocky Mountain CIO. “The idea is, if you’re going to make changes, there is a path you have to bring people down and it starts with ‘Here’s what we want to do,’” Knapton tells CSO.
To effectively lead organizations through change, Knapton uses a chart that maps the multiple steps necessary to successfully adopt new ways of working. The chart plots the movement from awareness and understanding of the desired change through compliance and adoption to, ultimately, internalization. It also lists the myriad consequences of resistance (including sabotage and canceled projects).
Knapton had successfully used this approach as a CIO. As he has more recently taken on CISO duties, he’s applying those same change-management skills to ensure that new security processes, policies, and technologies are adopted effectively.
Cybersecurity leaders need to widen their change-management skills
“Too often security leaders say, ‘We are going to do this because we have to’ without helping people along the path. That’s because they think everyone is going to jump on board. But that doesn’t work,” Knapton says.