7 Smart Ways a Security Team Can Win Stakeholder Trust

By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.

Joshua Goldfarb, Field CISO

October 11, 2021

In any enterprise, building stakeholder trust and confidence is an important part of moving key initiatives forward. The security team is not exempt from this responsibility, and the effectiveness and success of a security team are highly correlated with its ability to build trust and confidence among its stakeholders.

Some security teams are better at this than others, of course. I’ve noticed over the course of my career that certain traits a security team can exhibit or learn to exhibit are very helpful in reaching this goal. Here are a few helpful points that I’ve seen help security teams build stakeholder trust and confidence.

• Overcommunication: A security team can never provide too much clear, concise, on-point, and focused communication to its stakeholders. If you think you can overcommunicate on relevant topics, you are mistaken. In my experience, far too many disagreements and battles aren’t disagreements or battles at all - they are merely misunderstandings, miscommunications, or a complete lack of communication. In real estate, people say “location, location, location” - in security, we should say “communicate, communicate, communicate.” Opening the lines of communication is a great way to build trust.

• Honesty: Don’t be afraid to be honest, even if it means admitting fault, acknowledging a mistake, or being the bearer of bad news. Stakeholders appreciate honesty more than you might realize. Sure, they will provide their feedback, make suggestions, and perhaps even demand that certain issues are addressed. But that is all healthy and good for a security team. On the other hand, lying or misrepresenting information to stakeholders nearly always has disastrous consequences. Being honest, even when the facts may not be flattering, is always the best way to build stakeholder trust and confidence.

• Transparency: I can’t stress enough the importance of a security team being open and transparent with stakeholders. I’ve been in meetings where stakeholders learn that certain information has been withheld from them or that an inaccurate picture was deliberately painted. It isn’t pretty, and it can often take a very long time for a security team to overcome having done that. Be transparent - it pays huge dividends in the long run.

• Sincerity: While not everyone can pick up on fakeness and insincerity, many people can. When a security team is sincere in its efforts and the manner in which it engages with its stakeholders, that does not go unnoticed. Stakeholders very much appreciate sincerity, and it goes a long way towards building trust and confidence.

• Diligence: Stakeholders generally appreciate hard work. While they don’t expect the security team to be perfectly mature and execute flawlessly, they do expect commitment and dedication. This includes times during which the security team is working to remedy or rectify certain issues that may have occurred or mistakes that may have been made. Security teams that give it their all, even if and when they make mistakes, earn the respect of their stakeholders.

• Listening: I haven’t met too many people in my life who appreciate people who aren’t great listeners. The same is true for security teams. When stakeholders raise issues or express concerns, they often do so with the intent to better the state of security, reduce risk, and safeguard important data and assets within the enterprise. If the security team is dismissive of much of what stakeholders raise, those stakeholders will take notice. The result is that the security team will not be able to build the trust and confidence they so desperately need to build.

• Action: Actions speak louder than words. I’ve met far too many people who can talk circles around others, only to disappoint with their actions later. Follow-through is the name of the game here. If the security team commits to or promises something, that commitment or promise ought to mean something. When it does, trust and confidence in the security team will soar. When it doesn’t, that trust and confidence will plummet.

No matter how good a security team is and how good its ideas are, they will not move forward without the buy-in of stakeholders. That buy-in is highly dependent on the trust and confidence those stakeholders have in the security team. By investing in the above activities, security teams can more effectively move their initiatives forward.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.
