Mind the Tech Gap: Addressing the Conflicts between IT and Security Teams

IT and cybersecurity teams have had a long-standing battle between functionality and security. But why? To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact. With different levels of budget, competing goals, and a history of lack of communication, there is a lot of work to do to bring these teams together. Empathy and emotional intelligence are common phenomena discussed in leadership books, so why not at the practitioner level? Technical teams are constantly juggling projects, engineering tasks, risk management activities, security configurations, remediating audit findings, and the list goes on. Understanding how psychology and human factors engineering practices can improve both IT and cybersecurity teams can positively impact those relationships, as well as strengthen both functionality and security. There is no reason to have these teams at odds or competing for their own team's mission; align the missions, and align the teams. The goal is to identify the problems in your own team or organization and apply the principles within to improve how teams communicate, collaborate, and compromise. Each organization will have its own unique challenges but following the question guide will help to identify other technical gaps horizontally or vertically.

IT和資訊安全團隊一直以來都在功能性和安全性之間進行著長期的鬥爭。但為什麼會這樣呢？為了了解問題所在，本書將探討不同的工作職能、目標、關係和其他可能影響IT和資訊安全團隊互動的因素。由於預算不同、目標相互競爭以及缺乏溝通的歷史，需要做很多工作來使這些團隊走到一起。同理心和情商是領導力書籍中常討論的現象，那為什麼在從業者層面上不討論呢？技術團隊不斷地在專案、工程任務、風險管理活動、安全配置、整改審計發現等方面進行平衡。了解心理學和人因工程實踐如何改善IT和資訊安全團隊，可以積極影響這些關係，同時加強功能性和安全性。沒有理由讓這些團隊對立或為自己團隊的使命而競爭；對齊使命，對齊團隊。目標是識別自己團隊或組織中的問題，並應用其中的原則來改善團隊之間的溝通、合作和妥協。每個組織都會面臨自己獨特的挑戰，但遵循問題指南將有助於識別其他水平或垂直上的技術差距。

Nikki Robinson earned a DSc in Cybersecurity, several industry certifications including CISSP, and is a Security Architect by day, and an Adjunct Professor at night. She had more than 10 years of experience in IT operations before moving into the security field about 3 years ago. She has been studying vulnerability chaining concepts and is working on a PhD in Human Factors to combine psychological and technical aspects to improve security programs. Expected completion for the second Doctorate is December 2021. She has a passion for teaching and mentoring others on risk management, network defense strategies, and DFIR. She is currently a Security Architect at IBM and has technical experience in continuous monitoring, risk management, digital forensics, and incident response. She has spoken at several conferences on a variety of topics from human factors security engineering, malicious website graphing, and DevSecOps.

Nikki Robinson在白天是一位安全架構師，晚上則是一位兼職教授，她擁有一個Cybersecurity的DSc學位，以及包括CISSP在內的多個行業認證。在約3年前轉入安全領域之前，她在IT運營方面擁有超過10年的經驗。她一直在研究漏洞鏈接的概念，並正在攻讀一個結合心理和技術方面以改善安全計劃的人因學博士學位。預計第二個博士學位將於2021年12月完成。她熱衷於教授和指導他人有關風險管理、網絡防禦策略和DFIR的知識。她目前是IBM的安全架構師，並在持續監控、風險管理、數字取證和事件應對方面具有技術經驗。她曾在多個會議上就各種主題發表演講，包括人因安全工程、惡意網站圖形化和DevSecOps。