Improving security team collaboration and productivity
Five questions for Laura Mather: Insights on how groupthink and heterogeneous teams impact decision-making.
Collection of different beach rocks (source: Benny Mazur via Flickr)
I recently sat down with Laura Mather, Founder and CEO at Unitive, to discuss groupthink and how it hampers a security team’s ability to move quickly and better solve problems. Here are some highlights from our talk.
1. What is “Groupthink?”
Groupthink is a great example of how the best of intentions can really go awry. Essentially it’s when a group is too focused on getting along to criticize each other. I’m sure we’ve all seen it happen. We’re in a group of people and someone who is either very loud or very well respected makes a comment and everyone starts nodding. Sometimes this even happens when there is disagreement with the comment.
Learn faster. Dig deeper. See farther.
Similarly, when we are trying to promote harmonious and non-confrontational work environments we often create homogenous teams full of people who have the same experiences, assumptions, and beliefs. The group can’t see its own biases and blind spots, and this leads to some terrible decision making. While it might be easier to just agree with your coworkers—and while it might make your organization feel aligned—in reality, without the push and pull of debate and argument, you won’t make the best choices.
2. Can you describe some characteristics of heterogeneous teams?
Heterogeneous teams bring together people from all different backgrounds, experiences, and approaches to problem solving. My team at Silver Tail brought together blue-collar workers and engineers with PhDs. We had linguists, computer scientists, and people with backgrounds in business. Heterogeneous teams bring together different perspectives and expertise, they question each other’s assumptions, and they come up with new and different ways to look at problems. Then they leverage all of their combined backgrounds and experiences—no matter how unrelated they seem—to create unique, pragmatic solutions.
3. What steps can security teams take to be more collaborative and productive?
The biggest step security teams can take to be more collaborative and productive is to create a culture that values different experiences and that encourages debate. This means making sure
that teams are diverse and that each member feels empowered to speak up, to disagree, and to offer solutions. By embracing each way of seeing the world everyone will benefit, and the solutions that will be achieved will be more effective. And, who knows, we all might learn something.
4. Can you provide a few resources for people to read more about the research behind these concepts?
Iris Bohnet’s recent book What Works is a great explanation of how creating environments that value gender parity can also help improve team decision making.
5. You’re speaking at the O’Reilly Security Conference in New York this November. What presentations are you looking forward to attending while there?
“A Social Scientist’s Perspective on how the Intersection of Humans and Technology Will Shape the Future” workshop looks amazing since it is going to talk about how humans intersecting with technology is going to change the landscape. I’ve always been fascinated with the psychology of the aggressors and even more so in how technology plays a role in overall psychology, and I would guess this session will cover both.
Also, “Speak Security and Enter: Making Security Make Sense for Non-Technical Users” fascinates me because by having to parse a particular attack or a particular part of security, we break it into its simplest pieces. I’ve had cases where doing that has forced me to look deep at an attack and has helped me understand either more of a motivation or even a solution I hadn’t seen when I was looking at the “bit level.” Thinking about attacks at this very simple level can help people change their perspectives, which is always a good thing.