Building a Cybersecurity Culture: What's Love Got to Do With It?

Turns out, a lot. Get people to fall in love with the security team, and you'll get them to care about security, CISOs say in this second installment of a two-part series.

Fredrick "Flee" Lee is CISO at Gusto, a cloud-based payroll, benefits, and human resource management software provider. Along with his fun-sounding nickname, he has a playful view on how to get organizationwide buy-in on security: Get people to fall in love with the security team.


"The key to building and instilling a security culture within an organization is to make security lovable," Lee says. "Security can't hide behind their hoodies, so to speak. Security should be the most approachable team in the room so that other teams within the organization want to actively engage with [them], instead of skirting around [them]." 


Security is serious, Lee explains, but you want your security team to be approachable — to be seen as the helpers, he says. Nail that and suddenly security isn't seen as a roadblock or barrier; it's the team who's going to go out and find solutions to securely enable products and features that weren't possible in the past. 


At Gusto, Lee says he accomplishes this by conducting security team-building and offsite activities with colleagues from other teams, and by having an open-door policy and office hours so anyone, from any division, can feel welcome to approach with questions. He also offers lab-based training for developers.


"You don't get someone to fall in love with a sport by throwing the rule book at them," Lee says. "You let people experience it. At Gust ..
