{"id":15416,"date":"2026-01-06T07:05:53","date_gmt":"2026-01-06T07:05:53","guid":{"rendered":"https:\/\/newestek.com\/?p=15416"},"modified":"2026-01-06T07:05:53","modified_gmt":"2026-01-06T07:05:53","slug":"6-strategies-for-building-a-high-performance-cybersecurity-team","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15416","title":{"rendered":"6 strategies for building a high-performance cybersecurity team"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Longtime security chief George Gerchow<\/a> had sought top-notch security engineers and developers to build his team.<\/p>\n

Gerchow considered these workers \u201csuperstars\u201d \u2014 and they proved him right in many ways. They were ambitious go-getters \u201cwho came in and absolutely killed it. They\u2019d do a great job, but then they\u2019d move on.\u201d<\/p>\n

Gerchow discovered that a collection of such superstars didn\u2019t create a high-performing team, which he defines as one that works well together to protect the company, leans in, and builds trust among themselves and the business units. He realized to build a great team he needed a better mix of worker types.<\/p>\n

Such teams don\u2019t come together without effort. \u201cEveryone needs to work on creating better teams,\u201d Gerchow says.<\/p>\n

Here, he and other veteran security leaders share six strategies to do that.<\/p>\n

1. Build a diverse team<\/h2>\n

Having learned as CISO at a past company that having only one type of worker doesn\u2019t get him the best overall team, Gerchow changed his recruiting and hiring practices<\/a>. He sought to balance out the highly ambitious engineers he hired for innovation and big initiatives \u2014 and whose tenures could be short-lived, as they chased other projects \u2014 with those he calls \u201crock stars\u201d \u2014diligent, focused workers who deftly and reliably handled the day-to-day routine tasks that make up the bulk of security department responsibilities.<\/p>\n

\u201cYou need a mixture of both of those,\u201d says Gerchow, now CSO at Bedrock Security and a faculty member at IANS Research.<\/p>\n

Gerchow also advocates for hiring workers with diverse backgrounds, saying \u201cgetting those different backgrounds brings different perspectives, and getting those into the security strategy is great; it builds different synergies.\u201d<\/p>\n

2. Be clear on the mission<\/h2>\n

Sharon Chand<\/a>, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team\u2019s mission.<\/p>\n

To do that, though, team members need to know what the mission is and buy into it<\/a>.<\/p>\n

\u201cIt has to be a very clear mission that the leaders have articulated,\u201d she says, explaining that the mission gives guidance on what everyone should be doing.<\/p>\n

CISOs may think that the security\u2019s department mission is clear \u2014 or that the mission is simply stated as \u201cprotect the organization from threats\u201d \u2014 but Chand says a mission that provides clarity and details on the risks, threats, and security priorities that are unique to the organization based on its industry and business gives the teams an objective to rally around and direction on how to act \u201cwithout having to check in and run things up the chain.\u201d<\/p>\n

In that way, Chand says a clear mission allows for speed \u2014 a needed attribute for security teams in an era when the pace of attacks is accelerating<\/a>.<\/p>\n

\u201cA mark of a high-performing team is when the team understands its role in helping the business be successful, because they understand it\u2019s not just about driving down critical alerts or responding to events within certain SLAs; it\u2019s about making sure the business can continue to run. That helps with purpose and motivation,\u201d Chand adds.<\/p>\n

Gerchow also sees how a clear mission helps build a strong team: \u201cTelling developers they have to do something for compliance doesn\u2019t excite them,\u201d he says, \u201cbut it does if you talk about risk and how to advance the business, if you put it in terms of what\u2019s in it for the business.\u201d<\/p>\n

3. Properly equip the team to fulfill the mission<\/h2>\n

A high-performing team<\/a> needs the right training, tools, and techniques to fulfill its mission, and that\u2019s no different in the cybersecurity space, Chand says.<\/p>\n

Of course, no CISO has an unlimited budget to fund every need staffers might identify, so it\u2019s important to be strategic by knowing the team members\u2019 strengths and by identifying where they need more training, what tools they\u2019re best equipped to optimize, and where they must focus on improvement.<\/p>\n

\u201cCISOs need to be enabling them with the right training and technology to evolve their skills to meet the mission,\u201d Chand adds.<\/p>\n

That now includes ensuring the security team can use artificial intelligence to transform their roles, she says. \u201cIt\u2019s teaching them to use data and analytics and how to use AI in a different way.\u201d<\/p>\n

The use of AI also boosts the ability to improve team performance, Chand notes, as scaling the use of AI in the security department \u201ccreates bandwidth\u201d that enables CISOs and their staffers to move out of reactive mode and gain time and resources to upskill.<\/p>\n

4. Be great at prioritizing<\/h2>\n

CISOs can build a high-performing team by getting better at setting and communicating priorities so team members know where to focus their time and efforts, says Nathan Wenzler<\/a>, field CISO for client advisory at cybersecurity firm Optiv.<\/p>\n

\u201cWe\u2019ve known in the industry for a long time that we can\u2019t boil the ocean, we can\u2019t patch every vulnerability, we can\u2019t fix every line of code. There\u2019s simply too much to do, and we don\u2019t have the resources to do it all. So prioritization is the right path,\u201d he says. \u201cIt\u2019s a function that a lot of people say they do, but many aren\u2019t executing it well.\u201d<\/p>\n

CISOs who consolidate data from their security tools to create a holistic view of threats and vulnerabilities and align security strategy to the business<\/a> are able to gain clarity on priorities and better direct their teams, Wenzler says.<\/p>\n

\u201cThis isn\u2019t an easy problem to solve,\u201d he adds, \u201cbut where it does get solved, it becomes much easier to do an apples-to-apples comparison to where you\u2019re at most risk and then prioritize what work needs to get done.\u201d<\/p>\n

5. Build workers\u2019 soft skills to boost engagement with business peers<\/h2>\n

Security pros don\u2019t always come with strong business, communication, and leadership skills. \u201cWe spent the past 20 years or so getting really good at the technical; now we absolutely need to start building the soft skills on our teams,\u201d Wenzler says.<\/p>\n

He stresses the need for communications skills specifically, saying they\u2019re essential for security teams to effectively articulate information about the policies and procedures<\/a> that the business needs to follow to counteract cyber threats.<\/p>\n

\u201cThe teams that perform best today are the ones that successfully get everyone else to buy into what they\u2019re doing,\u201d Wenzler says. \u201cThey [achieve] that when they\u2019re seen as business enablers and not just a division of IT, and they do that when they\u2019re communicating in the language that the business understands.\u201d<\/p>\n

The ability for security pros to effectively engage with their business peers<\/a> through improved communication, business acumen, empathy, and the like helps them be better workers, too, Wenzler explains. That\u2019s because they gain more insight and clarity into the risks that matter most to the business, insight that they can then apply to how they do their security jobs.<\/p>\n

Others note that security teams that have a strong rapport and collaboration with their business counterparts also have more cross-functional influence and higher levels of trust, both of which help them get buy-in on security rules and requirements.<\/p>\n

\u201cThat means security gets done and actual improvements happen,\u201d Wenzler adds.<\/p>\n

6. Appoint \u2014 and empower \u2014 deputies<\/h2>\n

High-performing teams have CISOs who know they can\u2019t do everything on their own and instead rely on deputies to help carry the load, says Steve Martano<\/a>, faculty at IANS Research and a partner in Artico Search\u2019s cybersecurity practice.<\/p>\n

\u201cA CISO should be identifying their top deputies or, if they already have them, they should be assigning them more of the operational tasks and the strategic needs related to their discipline, which enables the CISO to be more of that business risk executive and really serve as the peer of the CFO, the head of product, and the P&L leaders in the business,\u201d Martano says.<\/p>\n

This may seem like more of a win for the CISO than the team as a whole, but that\u2019s not the case, Martano says. Rather, this creates stronger leaders throughout the security department who can respond quickly to team members\u2019 needs \u2014 rather than always having to escalate questions, issues, and plans up to the CISO and waiting for responses.<\/p>\n

\u201cStrong deputies mean that you as a CISO can save cycles, because you don\u2019t have to be as attentive to the day-to-day operational work they\u2019re leading,\u201d Martano says.<\/p>\n

Empowering deputies<\/a> can be hard for CISOs, Martano says, noting \u201cthere are a lot of CISOs who operate out of an abundance of caution and therefore micromanage their teams.\u201d<\/p>\n

He advises CISOs who want to build a stronger leadership team to first assess who they have, what skills they possess, and what skills they need to build. CISOs then need to plan how they\u2019ll train those leaders to take on more executive-level tasks and oversight<\/a>.<\/p>\n

\u201cGive them the latitude to make decisions, to make mistakes, and use you as a sounding board,\u201d Martano says. \u201cHave people represent you in meetings, and try to get the most out of people by making them think more business-wise and more strategically.\u201d<\/p>\n

Martano says creating a strong leadership team has benefits that cascade throughout the ranks, as these deputies tend to bring the same approach to those they supervise, empowering their own direct reports and expecting them to do the same with those reporting to them. As a result, workers at all levels are upskilling, taking on more responsibilities, and accepting more accountability.<\/p>\n

\u201cThese CISOs,\u201d Martano says, \u201care creating an environment that is fostering leaders down the chain.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Longtime security chief George Gerchow had sought top-notch security engineers and developers to build his team. Gerchow considered these workers \u201csuperstars\u201d \u2014 and they proved him right in many ways. They were ambitious go-getters \u201cwho came in and absolutely killed it. They\u2019d do a great job, but then they\u2019d move on.\u201d Gerchow discovered that a collection of such superstars didn\u2019t create a high-performing team, which… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15416","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15416"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15416\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}