What the Tampa Bay Rays Can Teach Us About Building a Successful Cyber Team
University of South Florida Assistant Professor Sagar Samtani, PhD, shares what baseball can teach us about building a successful team from scratch.
As the cybersecurity industry continues to expand rapidly, more organizations and businesses are beginning to acknowledge the importance of a cybersecurity team to protect their organization from potential threats. Unfortunately, the relatively recent emergence of cybersecurity as an industry means that there is a major talent shortfall, which can make it difficult for leaders without technical skills to know where to begin when forming a successful cybersecurity team. To simplify the complex process of cyber talent development, Dr. Sagar Samtani, assistant professor at the University of South Florida and cybersecurity expert, suggests that leaders use the development process of a successful sports franchise as a metaphor for building a cyber team. While it may seem that baseball and cyber teams have little in common, there are many parallels between the two industries—especially regarding talent development—that leaders can consider when forming their cybersecurity team.
Organizations with abundant resources, like the New York Yankees, typically build their teams by externally recruiting the best available talent in the nation. Meanwhile, organizations with fewer resources, such as the Tampa Bay Rays, develop their teams by growing talent internally. Although a recruitment strategy ultimately should be determined by an organization’s goals, needs, and resources, one should keep in mind that relying primarily on internal talent development can potentially lead to more risks than benefits in the long run.
Cyber Florida’s home team, the Tampa Bay Rays, is a prime example of what Dr. Samtani considers a potential risk of internal recruiting in any industry. As players hone their skills and become more valuable, they often leave the Rays for a competing team that can reward their skills with a higher salary. Another potential risk is that players who leave may use their inside knowledge of an organization for malicious attacks against the organization, as was seen when a former Houston Astros player publicly exposed the team for cheating during games.
The key difference between talent development in baseball and cybersecurity is the amount of talent available within the industry. In any professional sport, even the benchwarmers have a tremendous amount of talent that can benefit the team. Meanwhile, the developing cyber industry is currently experiencing an extreme talent shortfall that makes it difficult to find enough people to simply keep the benches warm.
Perhaps the most relevant parallel between building successful security and baseball teams is the mindset of the team members. “Both cybersecurity and baseball require players who are willing to do whatever it takes to win,” says Dr. Samtani. He continues, “Similarly to the way that a baseball shortstop is able to cover several positions, members of a cybersecurity team must be able to do the same.”
When it comes to building either type of team, Dr. Samtani believes that fit and culture are the most crucial aspects a prospect could have. The cyber industry is extremely unique in the sense that cultural fit is often more important than talent level when it comes to developing and maintaining a successful team. Versatility, critical thinking, and vigilance are among the most important skills needed in order to successfully adapt to the continuous changes within the cybersecurity industry.
a cybersecurity team must be able to do the same.