Seven Ways to Ensure Successful Cross-Team Security Initiatives

Many organizations have one or more strategic initiatives that involve a large amount of coordination and cooperation across functions and teams. In my experience, these cross-team initiatives are often the most challenging ones, while simultaneously being the most rewarding.  There are a number of reasons why this is the case, though I’d like to take a look at a different angle in this piece.

Around this topic, there is one question I’ve asked myself recently: What makes a strategic cross-team initiative successful?

After making some observations and doing some thinking, I believe that I have identified several important factors. While there are surely others, here are seven ways to ensure successful cross-team security initiatives:

1. Executive support: Perhaps it seems obvious, though cross-team initiatives require executive support for them to succeed. The reason for this is often very straightforward. Each team has its own priorities, goals, objectives, targets, and other criteria by which its success is measured. No matter how much a given team wants a cross-team effort to succeed, practically speaking, that team cannot change its own success criteria. Thus, if supporting a cross-team effort comes at the expense of other important intra-team efforts, it will reflect poorly on the team, even though it is what is best for the organization overall. Executive support is required to break this cycle and guide the organization in the direction that is best for it.

2. Clear priorities: In addition to executive support behind cross-team efforts, executives need to set clear priorities both for the initiative and across the organization as a whole. That is the only way that different teams will understand the expectations for the effort they are participating in, as well as where it fits within the organization’s broader strategy. These priorities will be an important input into the decision making process as the initiative moves forward.

3. Responsible party: One of the toughest parts of cross-team efforts is responsible and timely decision making. One reason this happens is because it is not clear to those contributing to the effort who is in charge, and thus, who is responsible for the outcomes of the project. What often ends up happening is that stakeholders and other participants share their views, offer guidance, caution against certain negative outcomes, and discuss various different possibilities. Yet, at some point, in order for progress to be made, decisions need to be made. Making these decisions as a group is clumsy, awkward, and slow.  Only by appointing a responsible party who solicits input, encourages discussion, builds consensus, and subsequently makes responsible and timely decisions can these strategic efforts move forward.

4. Adequate resources: Support, priorities, and a point-person are a great start, though a successful cross-team initiative requires that adequate resources be assigned to it. Although this seems intuitive, many organizations struggle with this step. Teams are generally used to prioritizing and resourcing intra-team efforts. When it comes to cross-team efforts, it is not always so obvious which resources should be pulled from what teams and in what numbers. This is a difficult situation that often arises, and it is one that requires that executives and the responsible party guide teams to allocate these resources in accordance with priorities and budget.

5. Trust: It is an unfortunate reality of larger organizations that there sometimes exists mistrust or distrust between different parts of the organization.  Since cross-team trust is fundamental to teams working collaboratively together, lack of trust severely impedes progress in cross-team efforts. Executives and the responsible party need to work to build trust across stakeholders and participants. This is most easily accomplished by being competent, fair, open, transparent, and well, trustworthy. When bridges are built, teams can work together more effectively and efficiently. This, in turn, will help accomplish the goals of the cross-team initiative.

6. Attainable milestones: Cross-team efforts are similar to intra-team efforts in that they need to be broken down into smaller, attainable milestones. Progress against each of these milestones can be measured and tracked, and if the effort begins to stray off-course, that can be identified early on in the process and remedied. When milestones are too grand or too difficult to attain, even the most well-intentioned cross-team initiatives can go south.

7. Regular touchpoints: Effective communication is key to a successful cross-team effort. One way to accomplish this is to establish regular touchpoints on a recurring basis where priorities are communicated, input and feedback is solicited, confidence and consensus are built, and status reports are provided. With the right group of stakeholders, these regular touchpoints can turn into a vital resource for the cross-team effort.

Most organizations understand the value and necessity of strategic cross-team initiatives. Even so, many organizations struggle with these efforts. While there are likely many approaches to successfully accomplishing cross-team initiatives, I have found the seven points above helpful when working to push these efforts across the finish line.

view counter

Joshua Goldfarb (Twitter: @ananalytical) is currently Director of Product Management at F5. Previously, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Previous Columns by Joshua Goldfarb:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *