To be successful in cybersecurity transformation, each one in the organization shall contribute as the baseline.
Culture or politic in certain organizations prohibits; and this is not just applied to cybersecurity. If you SEE something need improvement and TALK about it with your boss, you’ll become the issue owner to handle the resolution. This drives the culture of don’t see and don’t talk. Top executives don’t HEAR things that potentially affects the organization.
The essential success factors in the transformation journey include but not limited to:
- Senior management buy-in
- Provide necessary support for sustainability (not just a slogan in the air but actually allocate dedicated resources and invest in human capital)
- Top-down approach to drive end result with metrics
- Staff own passion adaptive to the changing business environment
Once the people barrier is break-thru, other process issues will then go well.