If you supervise a cyber security team, then this brief note is for you. It proposes a simple task that you can do with your team today – and our experience at TAG Cyber suggests that it might be the most valuable action you perform all year. Here’s what you must do:
Get your team together for thirty minutes – do it today – and ask them to do the following: Have them each send you a private chat with the top three cyber risks they perceive to be present for your organization. Give them two minutes for this task.
When you’ve received all the cyber risks – and you, as the leader of the team, must do this as well – just read them aloud, one at a time. Few of the risks, in our experience, will be repeats. Teams of ten usually generate thirty different risk answers.
Oh – and do not tell anyone who said which risk, including your own. Just read them one at a time and let people hear the risk, and presumably compare what they are hearing against the list they had created and sent to you via chat.
Now have a brief discussion about whether anyone heard risks from someone else that would make them adjust their own list. Take about 15 minutes for the discussion, after which you can ask everyone to send you another private chat with a new list.
If the aggregate number of unique answers decreases on this round, then that’s good. You’re making progress. If the number doesn’t change, or worse – increases, then you have a stubborn bunch, and you’ve got some work to do.
Until everyone in your group eventually responds with exactly the same three risks, your team is not aligned. Period. If any two members disagree on the top three risks, then it seems impossible that things can work as smoothly as you need.
So . . . you must repeat this task (wash, rinse, repeat), until you reach this elusive goal. Don’t give up though. If you stick with this, maybe weekly, then everyone will either align, or will just change their answers to end this tedious exercise.
Either way – you will have aligned your team on the top three cyber risks. Now go and get your team together and get started. Let us know afterward how you made out.
