Nowadays, the IT departments in most large organisations are expected to manage their organisations' exposure to cyber threats, perceived or potential. A mistake will have huge ramifications for the organisation concerned.
Thus, those who are tasked with managing and monitoring cyber risks against the organisation work very hard to ensure that the organisation they work in performs efficiently.
The CEO or the Board of Directors (BOD) assumes that these people will provide 'the best care' possible to the organisation.
But do these people, during their career and employment, ever experience the rigorous and stressful environment they would be exposed to if a breach or an attack really did happen in the organisation that currently employs them? These people are supposedly 'specialists' in their field.
In reality, most of these 'specialists' are on their own when it comes to maintaining and improving their skills. They might work and operate in a team environment, perhaps discuss difficult cases with colleagues, or attend conferences, but they rarely meet with experienced professionals in security analysis and receive direct feedback on how they performed. Without the opportunity for targeted, longitudinal learning from experienced, external security analysts, these in-house IT security personnel risk falling behind on new developments and on a risk landscape that is evolving every second.
In today's environment, personnel tasked with managing IT and network security in large organisations are under enormous systematic and hierarchical pressures to ensure that the organisation's IT network is impregnable. It is a daunting challenge for them to provide optimal care under these circumstances. So how can they not only maintain their skills but actually improve them while staying up-to-date with constantly evolving knowledge and technology?
Coaching is one promising approach to help them do this. It has proven to be an effective strategy for improving individual performance in other high-performing professions such as athletics and sports, and could possibly work for those in IT security as well. Tiger Woods in golf, Lionel Messi in football and James LeBron in basketball are some examples of athletes who are at the top of their field yet still work with experienced coaches to hone their skills further.
Will busy IT security analysts want to participate in coaching? What we don’t yet know is whether IT security analysts who work with a coach will improve their work outcomes.
Coaching has great potential to become a standard component of IT security practice. Instead of allowing skills and techniques to plateau, experienced IT security analysts can turn to coaching to continue honing their skills so they are at their peak throughout their careers. If elite performers in sports rely on coaches to maintain and improve their performance, why couldn’t IT security analysts do the same when the 'health' of the organisation that they are working in is at stake from cyber threats?