What do you consider to be the main characteristics of a positive security team culture?
CISO in Software, 2 months ago
Transparency and safety
CISO in Insurance (except health), 2 months ago
For me, the cornerstone of a positive security team culture is trust. Without it, nothing else works.
With trust, people feel safe to speak up, challenge ideas, admit mistakes, and ask for help — all critical in security, where collaboration and fast feedback matter.
It also means no blame games. Just open, respectful communication.
A book that shaped my thinking here is The Five Dysfunctions of a Team — it’s been a go-to reference throughout my leadership journey.
Flexibility of thought. Don’t say or even think “that’s impossible”. If you’d thought of the issue, then the attack you’re fighting probably wouldn’t have been able to happen.
Trust in team members. Ideally each team member will be able to back up others, but multiple people with an identical skillset isn’t a best practice. Handle work within our “scope” and allow others to do the same. Micromanagement and duplication of efforts both hurt organizations.
Find/make space to speak honestly. It is not recommended to share “dirty laundry” with external parties or even everyone within your firm. However, there should be a safe space for security people to be frank and open about issues. Problems occur when individuals with knowledge of security issues are afraid to speak up or don’t have a means of quickly escalating dire issues.