
> positive relationships throughout the organization ... desperately needed for cybersecurity team

Why is that more important for cybersecurity teams? Is it that other teams can sometimes look at security as something annoying that slows them down? So they care about security not because they care about security, but because you + team are their friends? :-)



It's really common for other teams to view cybersecurity as an antagonist. We're the a-holes who slow them down, demand they follow rules, wag our fingers when they try to cut corners, etc.

It's also very common for people to view cybersecurity engineers as people who needlessly make things more difficult just so they can "look like they're busy" and collect a heftier salary. (I've found this mindset especially common in non-technical teams.)

We're kind of like the dentists of the industry--everyone grumbles about how pricey we are, no one looks forward to visits from us, people question whether we're actually fixing things or just out to make a buck, and we have to hand out all sorts of annoying reminders (floss your teeth! don't install Chrome add-ons! brush twice a day!)

Having a strong relationship with other teams allows me to come to the table and say, "Hey, look, we both respect each other. You know I don't bullshit, and I wouldn't be asking you to do this if it wasn't a real issue. So please at least listen to my concern and try to work with me here. And you know I'll always listen to your concerns in turn, so we can do this as painlessly as possible."

So it's not exactly "getting them to care about security because we're friends." It's more of, "getting them to listen because we both respect each other." And if you can do that--get them to listen instead of having them immediately shut down, get angry, and convince themselves it's all bullshit--then usually they'll quickly understand there's an actual threat at hand. And once you convince them there's an actual threat, they're way more likely to do something about it, instead of throwing a fit and resorting to vindictive pushback.


A bit off topic, but:

> all sorts of annoying reminders

Could that be the topic of a blog post? I'm interested in security and I've understood that I'd better avoid browser add-ons, but what more to not do, from you & your team's perspective?

> listen because we both respect each other

Ok yes "respect each other" sounds like a better way of saying that.

Fortunately, where I work, I can be as paranoid as I want wrt security :-) and postpone "deadlines" if needed, to do security stuff instead.

> And if you can do that--get them to listen instead of having them immediately shut down

I find it a bit interesting that soft skills (helping teams respect each other) can "convert" into and catalyze hard skills, I mean, secure IT systems.



