Building a Strong and Effective Healthcare Security Team
Building a strong and effective security team takes a lot of effort, and a lot of luck. It is difficult to find the right mix of personality and technical skills needed to build a strong synergistic team.
While it is relatively easy to find candidates with the right technical skill set, finding employees with the right mental outlook can be much harder. Reaching out past how the resume looks is difficult. And if you are not careful, it can turn into a legal issue.
A manager must not leave either of these important facets to chance. Having a plan will help immensely so you can focus on what matters.
The following are areas that you should address while you are assembling and training your team.
At the heart of any project or task involving more than one person, you will find the need for leadership.
Without strong leadership, teams tend to drift without purpose, this is especially true in the information technology arena. The modern security threat is too sophisticated to tackle in an ad hoc manner. To be effective, the leader must give focus to the team and hold team members accountable for their activities.
A strong leader doesn’t need to be able to do every task, but he does need to understand what needs to be accomplished and the basics of how to accomplish the task.
The command and control function is critical to success.
Focus on Teamwork
Synergy: the creation of a whole that is greater than the sum of its parts.
A strong team takes its various members and tasks them in a manner that makes the team stronger and more productive. The cyber security threat is so sophisticated that no one person can know everything needed to combat cyber criminals.
We like to break cyber security into isolated parts, when in fact we need these parts to be the parts of the same coin or building blocks in our response. Every security team member must understand that their contributions matter and are important to the success of the mission.
Finding the Right Skill Sets and personalities
Building a strong security team can be frustrating. You not only have to find the right skill sets, but you have to find the right team member. Nothing will destroy a team more than having toxic team members.
Skills can be learned, but for most people personality has been solidified long before they join your team. Take the time to ensure every member of your team fits together as well as possible.
Certifications are a great way to get a grasp on a candidate’s baseline knowledge, but they are only part of the picture. I strong working background must supplement any academic knowledge.
It is best to have a hiring plan laid out before you start the applicant search process. Think of it like a business or marketing plan for obtaining the best employees. This plan should break down the tasks you wish your employees to be able to address.
Always remember that no one employee will have all the skills you need. Don’t be afraid to add in contractor or consulting personnel to provide the needed experience.
Build multiple Layers of Security
Defense in depth is a military concept adopted by cyber warriors to secure their system parameters for attack or exploit.
It simply means having your defenses broken down into similar layers to slow down or prevent and attacker from penetrating the network. It is meant to give the cyber warrior team time to respond to any attempted intrusion.
One method of organizing a team is to separate functions into similar groups under a single person or sub-team. Each person or team is responsible for a specific area of the cyber security arena.
Investing in Cyber Security
Everything in information technology comes down to money. Cyber security is no different. To be effective, a cyber security initiative must address its people as well as its inanimate assets.
Cyber Security: People
This is where you will get the most benefit. Hiring the right people and investing money to increase their knowledge brings great benefit to the team. Many times it is cheaper to bring in an individual with lower qualifications and train them up than hiring a fully qualified employee. Contractors or consultants can temporarily bridge the training gap.
Cyber Security: Non-personnel
Besides having the right people, you must have the tools necessary to complete your tasks. Money spent on tools is money well spent, provided the right tools are selected and the right person is available to monitor them.
None of the suggestions made in this document matter if compliance isn’t monitored and enforced. The team leader must constantly monitor the tasks assigned to the team, just as the team must constantly monitor the network environment.
Developing a plan detailing all aspects needing to be monitors will allow the team to quickly react to any cyber threat.
There is no one best method of assembling a security team. Ultimately, the team leader must select team member based on how they present themselves and be ready to replace them if they fail to meet the needs of the team.