Have you ever worked on a security team where the decisions, communication, and overall team culture are dominated by one or two "rock stars"? Are constant disagreements and passive-aggression among team members hurting your ability to respond effectively? Does your high-functioning team work well together but not with other teams? This presentation will address these challenges and more based on one of the most comprehensive studies of incident response teams ever conducted, including 80+ focus groups and interviews (over 200 participants) across 17 international organizations. We will show that a lack of attention to social maturity is the main cause of these challenges and provide a framework to address them.
Cybersecurity Incident Response Teams (CSIRTs) rely on technical and social skills to be successful, though we often focus on technical skills at the expense of communications, collaboration, and teamwork development. The solution, however, is not more technology to compensate for the lack of teamwork or adding more personnel to cover the gaps. Rather, it is a deliberate focus on the social abilities necessary to be more collectively effective: trust, responsible decision-making, adaptation, collaborative problem-solving, and effective communication.
The right training, incentives, and feedback can enhance these skills and improve CSIRT social maturity. This lowers the barrier to entry for less experienced staff and reduces turnover in an extremely hot job market. Drawing from decades of operational experience and five years of in-depth field research by a team of experts in workplace psychology, this talk will provide a framework for applying principles of behavioral psychology to improve the social maturity of your CSIRT. We will describe tools proven by scientific research to instill and enhance the skills defenders need to work together more effectively and achieve the results we want: a consistent, reliable, and timely defense.