In any enterprise, building stakeholder trust and confidence is an important part of moving important initiatives forward. The security team is not exempt from this responsibility, and the effectiveness and success of a security team is highly correlated to its ability to build trust and confidence among its stakeholders.
Some security teams are better at this than others, of course. I’ve noticed over the course of my career that certain traits a security team can exhibit or learn to exhibit are very helpful in reaching this goal. Here are a few helpful points that I’ve seen help security teams build stakeholder trust and confidence.
• Overcommunication: A security team can never provide too much clear, concise, on-point, and focused communication to its stakeholders. If you think you can overcommunicate on relevant topics, you are mistaken. In my experience, far too many disagreements and battles aren’t disagreements or battles at all - they are merely misunderstandings, miscommunications, or a complete lack of communication. In real estate, people say “location, location, location” - in security, we should say “communicate, communicate, communicate.” Opening the lines of communication is a great way to build trust.
• Honesty: Don’t be afraid to be honest, even if it means admitting fault, acknowledging a mistake, or being the bearer of bad news. Stakeholders appreciate honesty more than you might realize. Sure, they will provide their feedback, make suggestions, and perhaps even demand that certain issues are addressed. But that is all healthy and good for a security team. On the other hand, lying or misrepresenting information to stakeholders nearly always has disastrous consequences. Being honest, even when the facts may not be flattering, is always the best way to build stakeholder trust and confidence.
• Transparency: I can’t stress enough the importance of a security team being open and transparent with stakeholders. I’ve been in meetings where stakeholders learn that certain information has been withheld from them or that an inaccurate picture was deliberately painted. It isn’t pretty, and it can often take a very long time for a security team to overcome having done that. Be transparent - it pays huge dividends in the long run.
• Sincerity: While not everyone can pick up on fakeness and insincerity, many people can. When a security team is sincere in its efforts and the manner in which it engages with its stakeholders, that does not go unnoticed. Stakeholders very much appreciate sincerity, and it goes a long way towards building trust and confidence.
• Diligence: Stakeholders generally appreciate hard work. While they don’t expect the security team to be perfectly mature and execute flawlessly, they do expect commitment and dedication. This includes times during which the security team is working to remedy or rectify certain issues that may have occurred or mistakes that may have been made. Security teams that give it their all, even if and when they make mistakes, earn the respect of their stakeholders.
• Listening: I haven’t met too many people in my life who appreciate people who aren’t great listeners. The same is true for security teams. When stakeholders raise issues or express concerns, they often do so with the intent to better the state of security, reduce risk, and safeguard important data and assets within the enterprise. If the security team is dismissive of much of what stakeholders raise, those stakeholders will take notice. The result is that the security team will not be able to build the trust and confidence they so desperately need to build.
• Action: Actions speak louder than words. I’ve met far too many people who can talk circles around others, only to disappoint with their actions later. Follow-through is the name of the game here. If the security team commits to or promises something, that commitment or promise ought to mean something. When it does, trust and confidence in the security team will soar. When it doesn’t, that trust and confidence will plummet.
No matter how good a security team is and how good its ideas are, they will not move forward without the buy-in of stakeholders. That buy-in is highly dependent on the trust and confidence those stakeholders have in the security team. By investing in the above activities, security teams can more effectively move their initiatives forward.