Enhancing Collaboration Between IT and Cybersecurity Teams
Chapter 1: Understanding the Divide
In the realm of cybersecurity, tensions often arise between Cybersecurity and IT departments. Frequently, Cybersecurity is viewed as a hindrance, acting as the final barrier before projects go live. Such perceptions create friction and lead to cybersecurity being misunderstood as an obstruction rather than a protective measure.
For instance, during my tenure at a previous company, the IT team had been tirelessly preparing for the launch of a significant application. Just before the deployment, Cybersecurity intervened, citing critical vulnerabilities that needed addressing. This situation escalated into a heated debate, as the IT team felt overwhelmed and frustrated, viewing Cybersecurity's actions as an unwelcome last-minute complication. Conversely, Cybersecurity felt compelled to act, recognizing the potential risks involved.
To enhance cooperation, it's vital to change the narrative surrounding how cybersecurity interacts with IT, especially in terms of communication.
Section 1.1: Communicating Effectively
Reframing Conversations
It’s common for IT to rush projects into production, often clashing with security requirements. Instead of presenting the issue as “IT cannot proceed,” consider saying, “We can proceed with the right safeguards in place.” This shift promotes a sense of partnership rather than blame.
Addressing Security Findings
When security assessments reveal critical issues, the usual response from IT might be reluctance due to workload. Instead of saying, “The application has critical findings,” try, “We need to collaborate to resolve these issues promptly.” This approach fosters teamwork and encourages a collective effort to meet deadlines.
Chapter 2: Building Collaborative Frameworks
Once communication improves, the next step is to create actionable strategies for collaboration.
Joint Training Initiatives
Organizing joint training sessions where IT and Cybersecurity teams can exchange knowledge on secure coding practices, threat modeling, and security assessments can significantly improve mutual understanding.
Shared Objectives
Establishing shared performance metrics encourages both teams to work toward common goals. For example, aiming for a 30% reduction in security vulnerabilities creates a sense of joint accountability.
Cross-Departmental Exchange Programs
Implementing programs that allow Cybersecurity personnel to work within IT and vice versa can bridge the knowledge gap. I once initiated a “security champions” program where select IT staff spent time in Cybersecurity, resulting in better communication and insights across teams.
By applying these strategies, organizations can foster a culture of collaboration and respect, leading to better security outcomes and reduced conflict between departments.
The first video titled "Bridging the Gap With CompTIA: Cybersecurity Skills and Training" offers insights into how effective training can close the skills gap between IT and Cybersecurity.
The second video, "Bridging the IT Skills Gap for Small Business: Practical Tips and Solutions," provides practical advice on overcoming common challenges faced by small businesses in cybersecurity.
Taimur Ijlal is an accomplished leader in information security, with over 20 years of global experience in cybersecurity and IT risk management, especially in the fintech sector. Connect with him on LinkedIn or check out his YouTube channel, "Cloud Security Guy," for valuable content on Cloud Security, AI, and career advice in cybersecurity.