
Enhancing a cybersecurity team’s reputation: Communication and policies


8 March 2023

Lisa Kubicki: Keep it simple, keep it secure

In this episode of the Behave podcast, Ben Donaldson—Community Engagement Manager at CybSafe—sits down with Lisa Kubicki, Director of Trust & Security Training & Awareness at DocuSign.

EPISODE 12


Lisa reveals what her role at DocuSign is and what a day at her job looks like, a few tips on how you can incentivize people to work toward a more secure environment and the benefits of simplifying processes for people to build trust and reliance in your security force.

She opens up about the importance of being available to people, and building a good reputation to allow an open and reliable culture with your coworkers and colleagues.

Finally, she emphasizes her approach to the human side, in terms of leadership and fund allocation, and why the people are just as important as technology in cybersecurity.

Speakers:

Ben Donaldson Community Engagement Manager, CybSafe

Lisa Kubicki Director, Trust & Security Training & Awareness, DocuSign

Guest profile

Lisa Kubicki is the Director of Trust & Security Training & Awareness at DocuSign, where she oversees the company’s security awareness training program. With 20 years of experience in leadership development and change management, Lisa brings a unique perspective to her role. 

Having worked at prestigious universities like Stanford and Cornell, Lisa has a deep understanding of human behavior and change management. By blending her expertise with the latest security awareness training techniques, Lisa is dedicated to keeping DocuSign at the forefront of security and data protection in the industry.

Connect with Lisa on LinkedIn.

Key takeaways

1. A positive reputation is key for any cybersecurity team

A major lesson to glean from the episode is how crucial it is for a cybersecurity team to maintain a positive reputation. According to Lisa, if the team’s reputation is negative, it could hinder employees from reporting security concerns, and can lead to more significant problems in the future. 

Relying exclusively on technology and tools doesn’t guarantee an organization’s safety. It is imperative for all personnel to be actively involved in safeguarding the company, and to accomplish this, a cordial working relationship with the cybersecurity team is indispensable. Employees need to know the cybersecurity team and be at ease seeking their assistance.

2. Strategies for improving your team’s cybersecurity reputation

If you’re looking to boost your cybersecurity team’s reputation, Lisa has some tips to help you out. For Lisa, it’s all about keeping your team motivated and supported, which means keeping them in the loop when changes happen. 

But it’s not enough to just communicate changes—you need to make sure your team feels empowered and motivated by the process. That’s why Lisa recommends evaluating communication training from the team’s perspective to make sure it’s user-friendly, straightforward, and hassle-free. By following these strategies, you can build a cybersecurity team that’s respected and effective.

3. The importance of simplifying communication processes and policies within a cybersecurity team

Lisa emphasizes the importance of simplifying communication processes and policies within a cybersecurity team. She highlights the need to regularly evaluate requests from the team and find ways to streamline them. It’s crucial to have a clear and straightforward call to action, avoiding unnecessary complexity.

Lisa acknowledges that people tend to choose the easiest path, and if the process is too complicated, they might look for ways to bypass it. This not only affects the team’s effectiveness but also harms their reputation, making it difficult for others to cooperate and follow established protocols. To maintain productivity and credibility, Lisa underlines the necessity of having straightforward and understandable processes.

4. The challenges of establishing security measures in an organization

According to Lisa, implementing security measures can be daunting and perplexing, yet simplicity is key to effectiveness. She stresses that to encourage compliance, security protocols should be communicated in an unambiguous and persuasive manner. 

Additionally, Lisa highlights three kinds of obstacles to security: will, skill, and hill issues. Motivation is needed to tackle will problems, training is necessary for skill problems, and obstacles must be removed to address hill problems so that employees can comply with security measures.

5. Hill, skill, and will problems in organizations, and how to solve them

Lisa shares valuable insights on how organizations can tackle cybersecurity challenges by involving employees in training and awareness initiatives, noting that there is no one-size-fits-all approach and that different people have different learning styles.

Lisa suggests implementing a regular cybersecurity simulation program as an ongoing practice, with a positive tone and reinforcement of good behavior. Drawing on Osterman’s research, Lisa explained that 15 minutes of training each month can be the tipping point for employees to feel accountable for cybersecurity in their organization. 

She recommends a variety of training and engagement methods, such as regular phishing simulations, internal chats, videos, speakers, and recognition programs, to keep employees engaged in different ways.

6. The importance of addressing the human factor in cybersecurity

Lisa delves into the challenge of implementing a “people tool” in the workplace to reduce cyber risk through behavior change. She highlights the difficulty of selling this approach to decision-makers, who are often more focused on technical solutions and metrics. 

Lisa explains that leadership has not fully embraced the psychological aspect of human behavior, and this has contributed to the underfunding of initiatives that address the human factor in cybersecurity. 

To get more resources allocated to the “people aspect,” Lisa suggests that leadership needs to become more comfortable with the psychology of human behavior. She emphasizes that people are the greatest asset in the workplace and should be treated as such, even though they may be more unpredictable and difficult to manage than technology.


Top quotes from this episode

“Humans are a crucial part of the security force and can’t be replaced by technology.”
“People will always look for the path of least resistance, and if the process is too complicated, they will find a way to bypass it.”
“Making security simpler is a constant journey.”
“The biggest challenge in security is not the employees, but the obstacles created by leadership or management.”
“The key to success is to gain the trust of others to help achieve your goals.”
“The art of communication is not just about the words you say, but how you say them.”
“Success requires a combination of motivation, training, and breaking down obstacles.”
“Leadership and management play a crucial role in making it easier for individuals to follow directions.”
“People will follow your guidelines, follow your directions, change whatever they’re supposed to change if you do it in a way that they’re gonna receive it well.”

For more human risk insights, listen to the next episode in the Behave podcast, or read the CybSafe blog.
