Brutalist Security Meets Team of Teams: Part 4 - Security Brutalist Sync
(Part 5 of 5)
In Team of Teams, General McChrystal describes the daily sync as a vital, organization-wide video call that encouraged shared consciousness and rapid coordination across the Joint Special Operations Task Force. Held every day with thousands of participants from diverse roles and locations, the 90-minute sync broke down silos, democratized information flow, and enabled frontline input. This consistent, transparent communication ritual transformed the task force into a flexible, networked organization capable of responding quickly to complex, fast-moving threats.
Adopting a similar approach within the context of Team of Teams and Security Brutalism requires adaptation: a "Security Brutalist Sync" must take a different form. Rather than a broad 90-minute daily update, this version would be shorter and more focused, involving only key representatives instead of every team member each day. These representatives would then relay essential information within their teams, ensuring a fast, efficient flow of critical security updates while minimizing disruption.
Here's how it would work:
Participants
The core participants would likely be:
- Representatives from the Central Security Architecture Team.
- Lead Security Champions from each major product line, business unit, or team cluster.
- Representatives from key operational teams (Incident Response, Security Operations Center, Threat Intelligence).
- Potentially rotating members based on specific incidents or topics.
Format
The sync should be concise and action-oriented, mirroring the effectiveness McChrystal aimed for. It could be a brief virtual meeting (video and in person) with a strict time limit (15-30 minutes).
Key Information Sharing Categories
- Significant Security Incidents: Brief overviews of any ongoing or recently resolved security incidents, their impact, and key learnings.
- Emerging Threats and Vulnerabilities: Updates on newly identified threats, critical vulnerabilities (especially those relevant to the organization's technology stack), and recommended immediate actions.
- Changes to Security Standards or Policies: Announcements of any updates or changes to the "brutalist" security standards or policies.
- Cross-Team Dependencies or Blocking Issues: Identification and discussion of any security-related dependencies or roadblocks that are affecting multiple teams.
- Key Security Metrics and Trends: High-level summaries of relevant security metrics (e.g., vulnerability remediation progress, incident volume trends).
- Success Stories and Learnings: Sharing of successful security implementations or valuable lessons learned by different teams.
- Upcoming Security Initiatives or Events: Announcements of planned security initiatives, training sessions, or audits.
Focus on Actionability
The primary goal is to disseminate information that requires awareness or action by the participating representatives within their teams.
Clear Roles and Responsibilities
It should be clear who is responsible for reporting specific information and who needs to take action based on the updates.
Frequency of the Security Brutalist Sync
The optimal frequency depends on the pace of change, the threat landscape, and the organization's risk appetite. Here are a few options with considerations:
- Daily (Similar to McChrystal):
  - Pros: Ensures the most up-to-date information is shared rapidly, facilitates quick identification of emerging threats and coordinated responses. Reinforces a strong security focus.
  - Cons: Can be time-consuming for key representatives, potentially leading to meeting fatigue if not kept concise and impactful. May be overkill if there are consistently no significant updates.
  - Best Suited For: Organizations in high-threat environments or those undergoing significant changes in their infrastructure or security posture.
- Every Other Day (e.g., Monday, Wednesday, Friday):
  - Pros: Balances the need for timely updates with the time commitment required. Still allows for relatively frequent information sharing.
  - Cons: Might lead to a slight delay in disseminating critical information compared to a daily sync.
  - Best Suited For: Organizations with a moderate threat landscape and a steady pace of change.
- Twice Weekly (e.g., Monday and Thursday):
  - Pros: Less time commitment than daily or every-other-day. Still provides regular touchpoints for security updates.
  - Cons: Information might become less timely, potentially delaying responses to rapidly evolving threats.
  - Best Suited For: Organizations with a lower threat landscape or more stable environments, where daily updates might not be necessary.
Recommendation
Starting with every other day (Monday, Wednesday, Friday) might be a good initial approach. This provides a balance between timely updates and minimizing meeting fatigue. You can then adjust the frequency based on the volume and criticality of security-related information that needs to be shared.
Key Considerations for Success
- Strict Time Management: Adhere to the agreed-upon time limit to ensure the sync remains efficient.
- Focused Agenda: Keep the agenda tightly focused on critical security updates.
- Action-Oriented Discussion: Emphasize what needs to be done with the information shared.
- Clear Communication Channels: Ensure that the representatives have effective channels to cascade information to their respective teams.
- Regular Review of Effectiveness: Periodically assess the value and efficiency of the Security Brutalist Sync and make adjustments as needed.
To Close
A focused, regularly occurring "Security Brutalist Sync" is an effective way to adapt McChrystal's principle of shared consciousness to the unique demands of the Security Brutalism approach within a Team of Teams structure, ensuring all stakeholders remain informed and aligned on critical security issues.