Security News > 2020 > April > How to Steer Your Security Organization in a Toxic Environment
In the past, I have been in multiple toxic environments and have learned how to navigate through them.
Even in those types of environments, the security team must work to minimize risk and defend the organization from information security threats.
Does leadership take credit when things go right and blame others when things go wrong? Does trying to get answers to simple questions feel like an interrogation? Do people build inaccurate and untrue narratives based on little to no evidence? Do people covertly or overtly manipulate situations to advance their own personal goals? If the answer to any or all of these questions is yes, it's time to accept the sobering news that you are in a toxic environment.
Having clear, high quality metrics is an absolute requirement in a toxic environment.
Great metrics are, perhaps, the single best defense you can build for yourself to allow you to navigate and steer your security organization through a toxic environment.