STEVE SCHUPP
CYBERSECURITY: IT’S A HYBRID TEAM SPORT by Steve Schupp, Executive Director – CyberCX WA Branch Just as the cloud has blurred the definition of
to incorporate external providers into their own
the network perimeter, the invisible line around
‘hybrid’ cyber capability. Cyndi Spits, Project
your cybersecurity team has also likely blurred.
Manager for Perenti Group, says a collaborative
Whether you have a small team and are reliant
team that encourages the business to engage with
on external providers, or a large team tapping
cybersecurity was an important factor for Perenti,
into specialist capability, it is more than likely
where there is “a relatively flat team structure with
your cyber team extends far wider than those you
collaborative team leaders rather than a traditional
employ. In practice, this fuzzy line around your team
top down management structure, and where both
creates an environment in which you can improve
internal resources and managed service providers
security together.
are used.”
THE HYBRID TEAM
Trudy Bastow, Director, Managed
Gone are the days when someone from the
Security Service Operations,
network team who had an interest in hacking could
Federal Government and
occasionally wear a ‘cyber hat’ and do cybersecurity
Protected SOC for CyberCX,
as a side project. There is now greater awareness
says a structure that combines
that a risk based approach to decision making is a
internal and external resources
crucial prerequisite for effective security outcomes.
enables different skills and experiences to be brought together to achieved desired outcomes.
As a result of this maturation in the cyber domain, the need for specialist skills in various areas of
Bastow also raised the benefit of risk reduction in the
cybersecurity has increased. It is no surprise
event that, in a tight labour market, employees leave.
companies engage with external providers for
“When you partner with an external team, that risk
discrete projects and services. This has been
reduces as you still have a team who are familiar with
happening in IT for decades.
the business risks and requirements, who can pick up that gap to provide continuity of skills,” Bastow says.
However, I believe there has been a strong trend
52
recently for SMEs to consciously consider the
However, this does not mean it is straightforward
structure of their cyber teams, to actively discuss
to build a hybrid team with internal and external
hybrid capabilities with service providers and
members. Bastow stresses the importance of
W O M E N I N S E C U R I T Y M A G A Z I N E
S E P T E M B E R • O C T O B E R 2022