Managing Diverse Personalities on Infosec Teams

Building a mystery

A security team—just like any functional area team—is made of up unique individuals with distinct personalities and working styles. While the team as a whole needs to work towards shared goals, regardless of what those goals may be, one common misconception about governing a team is that an effective team leader develops and enforces standards that have team members working in a similar fashion, tackling projects the same way, and following the “rules” of how a task should be completed. 

Of course doing so makes it easier to manage; if all processes and procedures are exactly the same, anyone overseeing or interacting with the processes and procedures can do so by rote. The problem with this, however, is that the team leader ends up isolating and frustrating anyone for whom the processes and procedures don’t quite work, and diminishes the quality of the end result by stifling individual thought.

You come out at night

The best managers hire employees who bring complementary skills and ideas to a group setting. These workers are versatile enough to be both team players and individual contributors, drifting between requirements as necessary and appropriate. They aren’t “worker bees,” doing merely what they’re told; they press the team or organization to consider new angles from which to examine problems and opportunities. They contribute instead of “check off.” Think of it this way: If you’re managing a team of people and one of your staffers clocks in at 9 AM, does only what he or she is told, then clocks out at the end of the day without a second thought to environmental factors, is that the kind of person you want working for you? Or would you prefer someone who helps you come up with new solutions to fixing security problems, someone who thinks creatively and proactively about ways to harden your network and keep adversaries away?

Workplace flexibility is becoming more commonplace, yet “flexibility” is often thought of as the ability to work remotely, to alter working hours to accommodate non-work appointments, or to bring one’s preferred technology (e.g., Mac vs. a PC; iPhone vs. Android). But flexibility also means “giving everyone a voice,” says Michael Santarcangelo, security leadership and communication expert. In other words, provide employees enough space that they know where they have to start and where they have to end, but don’t be so prescriptive that every employee needs to follow the same path to arrive at the same outcome, even if they’re working on the same or parallel projects.

That’s when the energy comes

Think of employee projects as treasure hunts: Each player starts at the same location then must navigate his/her way to designated checkpoints along the route and provide proof of the requisite collected items. He or she is only finished with the hunt when she/he arrives at the destination and is in possession of every object (which are the same for every player). It doesn’t matter if one player ran across the park and another ran around the park to find “clue number 3.” It only matters that “clue number 3” was found, it leads to “clue number 4,” and each of those clues allows the players to collect every treasure along the course. As it relates to a treasure hunt, it also doesn’t matter if the players don’t work sequentially. As long as all of the treasures are found and each person arrives at the same destination, everybody has completed her/his race successfully.

Look for places in your security team where this can also be true. Don’t force everyone to use the same method, even if the goal is the same. In fact, there is considerable merit in providing employees the flexibility to do things their own way—individuals might uncover a new opportunity to improve a process, they might discover a previously unknown vulnerability, they might stumble upon an instructive log anomaly. The possibilities are endless when you give people room to innovate.

And the dark side’s light

“Blending what makes us unique with what is valuable as a team takes work,” says Santarcangelo, but it is well worth the effort. Giving diverse personalities the opportunity to flourish has many noted benefits: Employees report feeling a greater level of personal fulfillment, which leads to higher achievement at assigned tasks, longer voluntary work hours, more commitment to the organization, fewer sick days, the introduction of new ideas, increased cooperation among coworkers, and more.

As you think about how you want your team to operate, ask yourself if the most important thing is having everyone do everything in a prescribed fashion, or if it’s getting work done in a productive way that allows the organization to achieve its goals while, perhaps, infusing new ideas into the process. Put in that perspective, the choice seems obvious, doesn’t it? 



Interesting in hearing more about this topic as well as others? Click here for more information on our InfoSec World Conference & Expo.