Page 81 - Cyber Defense eMagazine Annual RSA Edition for 2024
team efforts. When team members from the top down understand their role and feel a sense of ownership
in their organization’s success, they transform from passive observers to active participants.
Cybersecurity for an organization, at its core, is a team sport, and accountability is the linchpin that
ensures that everyone on the team not only plays but plays to win.
It starts with culture
To foster a culture of security that is both resilient and responsive, organizations must first acknowledge
that security is indeed a shared responsibility. This realization entails understanding that every member
of the organization, from the CEO to the newest intern, plays a critical role in maintaining the security
posture of the company. However, recognizing the team aspect of security is just the first step. The real
game-changer lies in implementing a framework of accountability where security goals and outcomes are
not just suggested but are documented, measured and integrated into the very fabric of the organization's
operations.
Hall of Fame coach of Duke Men’s Basketball Mike Krzyzewski offered this: “In putting together your
standards, remember that it is essential to involve your entire team. Standards are not rules issued by
the boss; they are a collective identity. Remember, standards are the things that you do all the time and
the things for which you hold one another accountable.”
It’s not rocket science
However, this sense of ownership doesn't spontaneously manifest. It requires a deliberate effort to embed
security goals and outcomes into the very skeleton of how teams operate. This means going beyond
abstract declarations and incorporating security into the documented objectives and deliverables for
every team member, akin to how application development or service delivery parameters are set.
One effective method for embedding accountability in an organization's security culture is to include
measurable, security-related goals in everyone's performance plan. By setting specific, measurable,
achievable, relevant and time-bound (SMART) goals related to security for each employee, organizations
can ensure that security is not just a concept discussed in board meetings but a tangible, integral part of
every employee's daily activities. These goals can range from completing security awareness training to
ensuring software updates and patches are applied promptly, from writing secure and validated code to
tracking cyber health in platforms like M365, Salesforce and ServiceNow. By tying these security-related
goals to performance evaluations, bonuses, or other forms of recognition, organizations can incentivize
their employees to take ownership of their role in the company's security efforts.
Imagine the difference in dialogue and outcome if, instead of holding the cybersecurity team accountable for
cloud platform security, the platform leaders were evaluated on both delivering new functionality to the
business and maintaining an A rating on their platform's cybersecurity health. It’s simple: the work would get done
in a spirit of collaboration and without unnecessary friction.