• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Management Leadership

Security team culture matters

Jinan Budge by Jinan Budge
December 29, 2023
Image by Pexels from Pixabay

Image by Pexels from Pixabay

Our research in 2020 dissected the causes of toxicity in cybersecurity and outlined that, in a practical sense, a toxic culture in cybersecurity looks like a team rife with infighting, unhappiness, and aggression between team members. Not only will this cultivate an unpleasant environment, but it also has the potential to ruin your security team’s reputation, undermine your team’s integrity, and put your organization at risk.

Toxicity

As it turns out, toxicity is a significant issue impacting talent attraction and retention, both of which are significant issues in cybersecurity. In 2022, research by MIT Sloan Management Review examined aspects of culture and other topics that employees frequently discussed in Glassdoor reviews. The research found that the single best predictor for employee turnover was a toxic culture. In fact, according to the research, “A toxic corporate culture was 10 times more predictive of attrition than compensation during the first six months of the Great Resignation.” Researchers defined the five attributes of a culture that make it toxic: “The Toxic 5” — environments that are exclusionary, disrespectful, unethical, cutthroat, and abusive.

Good culture

But what makes a good culture? How do we obtain it? And how does it benefit us? We talk about team culture in security a lot. We know that it matters. But so few of us know how to measure culture, let alone how to change culture. We speak of team culture in vague and, frankly, incorrect terms — it’s a “good, or bad, culture.” We want to hire people who “fit in” to our culture. And we find it very difficult to understand the impact of culture, believing instead that it’s this fluffy, feel-good, and optional concept. I’m not judging — far from it: I’ve been there!

Culture energy model

Cue my colleagues Angelina Gennis and James McQuivey’s research, Introducing Forrester’s Culture Energy Model, which represents four dimensions of organizational culture: adaptability, purposefulness, commitment, and motivation. The idea is that, the higher an organization scores on these dimensions, the more culture modes it can embrace, enabling more satisfying employee and organization outcomes. I am thrilled to announce that we were able to use this excellent research to showcase The State Of Security And Risk Culture Energy (Forrester client access only). Here is what we learned:

  • Security and risk teams are more motivated and purpose-driven than others. As a 25-year cybersecurity veteran, this totally checks out for me. Almost everyone I know in our industry is mission- and purpose-driven. They took on this job to protect others!
  • Security and risk teams are closer to their leaders in culture energy than other professions. In most professions, leaders generally experience a better culture energy. They get paid more, delegate, and enjoy more visibility — what’s not to love? It’s a bit different for security and risk (S&R). S&R teams are relatively small, meaning that the leaders are close to the real work. Teams benefit from the hands-on approach, which explains the smaller gap in culture energy.
  • Being in the office, versus working from home, affects culture energy levels. Only nine of 18 homeworkers are adaptable, a dimension that’s increased with great alignment and collaboration with the business and that may benefit from being in an office. Working from home doesn’t impact commitment, motivation, or purpose; 14 of 18 security homeworkers are committed and motivated, and 15 of 18 are purpose-driven.
  • Future fit organizations with high IT maturity have more energized, innovative S&R teams. Customer-obsessed organizations have a future fit technology strategy that enables adaptivity, creativity, and resilience. S&R teams in those organizations feel emotionally connected to their work — they are energized and unlikely to leave, and they trust their teammates more.

Now that we know this, my task over the next 12 months is to work out how we get past toxic and other negative cultural settings — the set of behaviors, norms, rituals, and artifacts that have emerged over the prior years — and evolve into a culture high in culture energy. Stay tuned for this work!

Originally posted on Forrester

Related:  PodChats for FutureCIO: Why automatedly human is the way forward in CX
Tags: Forrestersecurity teamTeam culture
Jinan Budge

Jinan Budge

Jinan Budge leads Forrester’s security and risk research in Asia Pacific. Her research focuses on enabling chief information security officers (CISOs) and technology executives to lead a high-performing security organisation and culture. Budge globally leads Forrester’s awareness, behaviour, and culture coverage, using strategic and innovating thinking to shape the market. She is also an advocate for diversity and inclusion in security. Budge focuses on ensuring that cybersecurity teams not only attract but also retain the best talent, and she brings a local and global perspective and cultural lens to her research and practice. Previous Work Experience Budge’s research remains pragmatic, as she recently returned to Forrester after several years as director of cyber strategy at Transport for NSW and a similar role with Qantas Airlines. She has built, stood up, and delivered significant Cyber Transformation strategies across the public and private sectors. She is an experienced people leader and international keynote speaker, and she's passionate around her purpose in the security field. Education Budge holds two bachelor’s degrees in science and commerce from the Australian National University.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe