Making Employees Champions for Cybersecurity Culture

Lena Smart
February 16, 2022

As CISO, I view our employees as our strongest link and our best advocates for cultivating a strong security culture at MongoDB. Security teams can often be perceived negatively internally and with the shift to remote and hybrid working over the last year-plus, we’ve made a very conscious effort to engage and educate our employees. While you can have all the tools in the world, at the end of the day, people are the key to a robust and ever expanding cybersecurity program.

This is not a new message, but it takes on a very different form now that, in some cases, every employee is working from a different kitchen table or home office, with varying set ups and network accessibility. The perimeter no longer exists and there is no such thing as a one-way path for network traffic. All your entry points can also just as easily become attack vectors. So everyone needs to be involved and accountable. However, this is not about IT expertise, rather it is about tact and empathy.

Employees tend to be viewed as a risk when it comes to cybersecurity. This message, however, can lead to a culture of mistrust, which often results in employees worrying about the consequences of reporting anything. They feel embarrassed about clicking on that link in the email from the sender they didn’t recognize, so instead of reporting the incident, they just ignore it, leading to much bigger issues.

Instead of a risk, at MongoDB, we make employees our security champions. The MongoDB Security Champions Program is a team of over 90 employees who have volunteered to help in our cybersecurity efforts. They are from departments all over the company, such as HR, communications, and product development, and they become ambassadors within their team for cybersecurity, adding to the strength of our security team.

A comprehensive security plan cannot be limited to rules defined by IT, but must include commitment, ideas and understanding from all over the organization. This helps to avoid "information silos" and enables us to tailor information towards day-to-day scenarios that apply to specific functions. The security champions also feed back to the IT team, contributing knowledge and experience to the overall security strategy that only they can provide. A data protection officer understands GDPR compliance, a technician knows all about encryption or identity management, but only the customer consultant knows what issues can arise when external customer representatives need to access data on company servers.

This has successfully addressed the issue of trust. Teams now have a security contact who is a trusted member of their team. Someone who clicked the "bad link" is much more likely to confide in a colleague and in this way the champions act as a link between their own team and the team that defines IT security governance in the company.

The champions themselves also report beneficial effects. We have often heard companies complain about a lack of talent in cybersecurity. Training people in your existing workforce is a potential solution to this. Security champion members identify with their own specialist department as much as they do with their security work. They can play a crucial role in shaping the future, develop new skills, have more self-confidence and increase their commitment.

Six months after MongoDB implemented the Security Champions Program we saw an increase in reported security events, making it easier to detect and respond to incidents. The topic of cybersecurity, which had previously been a nuisance for many, now even contributes to team building – a welcome side effect of a positive and inclusive security culture.

← Previous

10 Signs Your Data Architecture Is Limiting Your Innovation: Part 4

There are many ways to measure developer productivity, and trying to do so can become complex and nuanced very quickly. From the speed at which new features roll out to developers’ own perception of how productive they feel, it’s difficult to find one metric that matters most. Even more challenging is finding the root causes of the obstacles to developer productivity that you or your organization face. We believe that slowing productivity is often a sign that your data architecture is holding you back — and that modernizing and simplifying that infrastructure can significantly improve productivity and remove many of the hindrances of technical debt. That is, it will reduce two of key elements of the Data & Innovation Recurring Tax – a hidden tax on your innovation. Our experts have identified the symptoms that indicate your business is paying DIRT — and solutions to reduce that tax. Read about them all in our white paper 10 Signs Your Data Infrastructure Is Holding You Back . Sign #7: Your developers' productivity is getting worse With a complex data architecture, your developers have to switch constantly between languages and think in different frameworks. They may use one language to work directly with a database, another to use the object-relational mapping (ORM) layer built on top of it, and yet another to access search functionality. That becomes a major drag on productivity. Just as we know the vast majority of people are poor multitaskers (while believing otherwise), we also know that constantly reorienting oneself is similarly counter-productive. The American Psychological Association says so-called “switching costs” — the work the brain has to do to accommodate a change and get rolling on a new task — can eat up 40 percent of developers’ productive time. That slows down your individual developers, but it also has consequences for how they work as a team. If every application architecture is bespoke, it’s almost impossible for developers’ skills to be shared and put to use across an organization. Development slows down. When a key person leaves, there is no one who can effectively fill in and you end up hiring for very specific skills. That’s hard enough, but you also don’t know if you’ll still need those skills in a year or three. Our Solution: MongoDB's data platform provides developers with one cohesive interface for any work they do with data. It doesn’t matter if a developer is building an aggregation pipeline, implementing an advanced security feature, or bringing real-time analytics into an application. They use the same interface, which is purposefully aligned with the way developers naturally code and think. Sign #8: Your team is constantly paying down technical debt Each new technology your team selects produces a parallel increase in the number of system component interactions that need to be designed, managed, and maintained. With older data infrastructures, those new technologies multiply quickly. As user demands change, the older database technology is no longer adequate. Rather than rip out everything and start over, teams add a new single-purpose database, creating yet another silo. Then they need to build the connective tissue — including fragile and cumbersome ETL pipelines -- to link the data store to the pre-existing environment. Multiply this a few — or a few dozen — times and you’ve racked up a significant amount of work that robs your team of time they could be spending building impressive new features. The average developer spends 13.5 hours a week managing technical debt, and 52% of developers say maintenance of legacy systems and technical debt are the biggest blockers to their productivity. Fully 78% say that spending too much time on legacy systems is bad for morale. Our Solution: With MongoDB's data platform, you no longer need to shuttle data between silos. Your data is accessible to anyone or any application properly authorized to use it. You dramatically streamline your architecture, eliminating the need to maintain multiple legacy systems and freeing your developers to work on the good stuff. Learn more about the innovation tax and how to lessen it in our white paper DIRT and the High Cost of Complexity .

February 15, 2022
Next →

Collaborating to Build AI Apps: MongoDB and Partners at Google Cloud Next '24

From April 9 to April 11, Las Vegas became the center of the tech world, as Google Cloud Next '24 took over the Mandalay Bay Convention Center—and the convention’s spotlight shined brightest on gen AI. Check out our AI resource page to learn more about building AI-powered apps with MongoDB. Between MongoDB’s big announcements with Google Cloud (which included an expanded collaboration to enhance building, scaling, and deploying GenAI applications using MongoDB Atlas Vector Search and Vertex AI ), industry sessions, and customer meetings, we offered in-booth lightning talks with leaders from four MongoDB partners—LangChain, LlamaIndex, Patronus AI, and Unstructured—who shared valuable insights and best practices with developers who want to embed AI into their existing applications or build new-generation apps powered by AI. Developing next-generation AI applications involves several challenges, including handling complex data sources, incorporating structured and unstructured data, and mitigating scalability and performance issues in processing and analyzing them. The lightning talks at Google Cloud Next ‘24 addressed some of these critical topics and presented practical solutions. One of the most popular sessions was from Harrison Chase , co-founder and CEO at LangChain , an open-source framework for building applications based on large language models (LLMs). Harrison provided tips on fixing your retrieval-augmented generation (RAG) pipeline when it fails, addressing the most common pitfalls of fact retrieval, non-semantic components, conflicting information, and other failure modes. Harrison recommended developers use LangChain templates for MongoDB Atlas to deploy RAG applications quickly. Meanwhile, LlamaIndex —an orchestration framework that integrates private and public data for building applications using LLMs—was represented by Simon Suo , co-founder and CTO, who discussed the complexities of advanced document RAG and the importance of using good data to perform better retrieval and parsing. He also highlighted MongoDB’s partnership with LlamaIndex, allowing for ingesting data into the MongoDB Atlas Vector database and retrieving the index from MongoDB Atlas via LlamaParse and LlamaCloud . Guillaume Nozière - Patronus AI Andrew Zane - Unstructured Amidst so many booths, activities, and competing programming, a range of developers from across industries showed up to these insightful sessions, where they could engage with experts, ask questions, and network in a casual setting. They also learned how our AI partners and MongoDB work together to offer complementary solutions to create a seamless gen AI development experience. We are grateful for LangChain, LlamaIndex, Patronus AI, and Unstructured's ongoing partnership. We look forward to expanding our collaboration to help our joint customers build the next generation of AI applications. To learn more about building AI-powered apps with MongoDB, check out our AI Resources Hub and stop by our Partner Ecosystem Catalog to read about our integrations with these and other AI partners.

April 23, 2024