250 word response 1 reference due 6/3/2023
Andrews
How do motivational-Hygiene Factors effect the work of a cybersecurity worker?
Both motivation and hygiene factors affect employees and their performance, but the book states that motivators, such as achievement, advancement, recognition, responsibility, and the actual work affect job satisfaction, while hygiene factors, such as politics and administration, salary, supervision, interpersonal relations, working conditions, and workplace policies and procedures can act as dissatisfiers.
The basic affect can be summed up as such. Both motivators and hygiene factors are needed to create a good and productive work environment. Motivators tend to directly affect job satisfaction, which can affect the performance of the employee. Hygiene factors, on the other hand, prevent dissatisfaction if they are accepted as adequate by an employee, but when they are no longer deemed to be adequate, job satisfaction decreases and as job satisfaction drops, so does performance.
Has your organization/workplace conducted an incident review following a critical incident in the IT department? Provide a brief description of the incident review process. If your workplace/organization does not have such a process provide a brief explanation about how it will help management, and how the process should be conducted. (Hint: page 209).
Yes, we have, as we have a formal process for reviewing incidents.
Our incident review process is part of the security incident response policy and plan. During a security incident, all aspects of the incident are documented in a security incident report, such as details as: where, when, systems affected, criticality, if data was breached which contained PII, communications, recommendations, etc. Each month, the IT management team meets and reviews any incidents which took place over the past month for lessons learned and to see if there were any recommendations which were made by the incident response team. Lessons learned are also reviewed by the incident response team, so they know how better how to react to certain scenarios in the future. Official changes are documented in the incident response plan after such reviews and practiced by the incident response team during tabletop exercises.
We have actually had to use the process for many small incidents as well as two large ones. In 2019 we had an insider threat where lessons learned were reviewed in detail. Afterwards, many changes were made in our processes as a direct result of the review. We also had a major ransomware attack in 2019 losing hundreds of servers and clients and bringing down the entire company for several weeks. After bringing back the systems, again extensive reviews were completed.
In your opinion, why are promotions important in the IT department and the Cybersecurity team specifically? Provide examples to illustrate your opinion.
Describe an example for promotion in your own career or someone that you know from the IT field. How did the promotion impact you and the organization?).
I will start out by saying the promotions are always important. They are typically given to deserving employees for exceedingly good work and both are an award to the employee receiving the promotion and the extra monetary and authoritative benefits coming from the new position. They are also good for the organization who can place their talent in key managerial roles where the newly promoted employees can shine by keeping needed skills in the organization and showing other employees that hard work leads to new opportunities.
Promotions are especially important in the IT and specifically in Cybersecurity due to the current lack of available talent. Organizations need to fast track their best employees and get them into middle management positions where they can practice leadership and help train and develop the next wave of cybersecurity professionals. Promotions in cybersecurity can also be used to retain talent, keep employees with unique and important skills, and to support the organization’s security posture.
Sometime back, my company purchased a few companies in North America. Each had its own IT department, and some were quite small. During the transition, the IT manager of the biggest team left the organization, and we needed to promote someone from one of the teams to take over and to unify the IT at each of the separate companies and lead the migration to the European processes and systems. One engineer had been informally supporting our efforts, and I, along with the other IT management in Europe recommended that he be made Head of IT for the North American operations. Soon after, we noted results which supported our assessment. He provided strong leadership and earned the respect of his employees and business colleagues. He then unified the teams (including other new site acquisitions) and successfully integrated the U.S. systems. In the end, not only he, but the entire organization reaped the rewards for this decision.
