Blog Layout
Ric Longenecker, Christian Ulmer • September 3, 2024
Beyond All-Stars: How Cohesion and Purpose Drive Security Team Success

Legendary Basketball coach Phil Jackson one said, “The strength of the team is each individual member. The strength of each member is the team.”   Jackson had the opportunity to coach a number of great players – such as Michael Jordan – and is the highest (championship) winning coach in history. Winning 11 NBA championships in his 20 years of coaching, to be precise.


Jackson’s secret to success? 11 principles developed over the years, a few listed below:


  • Principle 1.      Lead from the inside out
  • Principle 2.      Bench the ego
  • Principle 3.      Let each player discover their own destiny
  • Principle 7.      The key to success is compassion


Our experience at CySafe has shown that great Information Security cannot simply be attained through large investments or a roster of “All Star” team members alone. It must be largely based on purpose, effectiveness, appropriate size, and cohesiveness of the team in itself – as well as the larger organization. A team with mission often is effective, be it defending the organization from attacks or getting a security program implemented.


What makes effective security teams?

Jackson’s principles relate outside of the basketball court and are very relevant for a Security Team today. What motivates people is largely universal.


We find that:


  • Effective teams work best in environments that are trusting, collaborative, yet still competitive
  • Team members are generally very aware of their surroundings and strive to raise up others, including other IT teams and the external environment
  • They are empowered by clear and binding priorities (while remaining autonomous), an efficient operating model, and challenging development opportunities


A great team will have an agreed purpose and mission, and also the ability to manage both Business-as-Usual (BaU) and strategy (change) execution over time. This evolution doesn’t come for free, and time must be invested both on the part of leadership – as well as the team itself to bear fruit.


Methods and approaches for success

There are a number of influencing factors for teams that can be considered:

A Positivity Focus

  • Mission and purpose discovery and alignment
  • Identification and promotion of efficiency drivers
  • Reduction of negative influencing factors (security debt)
  • Feedback and continuous improvement

Metrics & Analysis

  • Analysis of data (actual vs target comparison, benchmarking)
  • Qualitative and quantitative performance metrics

A Thoughtful Structural Approach

  • Balance between RtB (Run the Business) & CtB (Change the Business)
  • Value stream mapping
  • Individual, team and cross-functional structures


Structure – especially in organizations under constant change, growing in size or responsibility – is incredibly important for team execution. 


Principles found in scrum development methodology which have been gaining industry traction can be applied here (e.g. the model of Aligned Autonomy, as illustrated by Spotify), focusing on skill sets of individuals and desired team structures leading to great results.

We find the following model useful to identify the expertise, knowledge and "soft skills" within a team:


I-Shape: Specialist, deep expertise/extensive knowledge in a single domain


T-Shape: Deep expertise in one area, combined with a broader range of knowledge in other areas


Pi-Shape: Deep expertise in two domains, connected with broader knowledge in other areas


Comb-Shape: Profile with deep expertise in multiple areas, combined with a very broad knowledge in other fields


The idea being, that once a purpose and mission is identified, the right balance between breadth of knowledge (and responsibilities) vs depth of knowledge (and capability) for effective individuals or teams is applied and enabled.

Additional Activities and Considerations

One of the biggest challenges for leadership and teams is to find time to reflect and/or align - given the pace of change within the organization, demand created by rising incidents, IT/Product momentum, or simply how BaU is currently managed. We find that it’s best at least once a year to focus on the organization and then establish a continuous review and improvement cycle.


There are a number of additional tools available to security leaders to enable effectiveness for individuals or teams – most effective when well-prepared, and performed together. These include determining team commitment (is your team engaged or just involved), in-depth analysis of the development paths of people, collaboration exercises, goal alignment, estimation of continuing or existing work as well as prioritization (i.e. MoSCoW or Fibonaci and others). 


Often, these can be effectively implemented with external facilitation – which eases the planning and preparation burden for leadership and offers a level of neutrality. Used correctly – both individuals and the team will come out stronger afterwards! 



We use cookies to ensure that we give you the best experience on our website. To learn more, go to the Privacy Page.
×
Share by: