Cyber Mindset in Modern Tech Consultancies

Cyber mindset and cyberculture are best cultivated when freed from the shackles of top-down, heavily hierarchical mandates. So, how are modern tech consultancies configured to achieve this end?

In this article, I delve into the paradigms of the cyber mindset, culture and leadership of modern tech consulting firms, so we can all have a better understanding of how such a concept culminates into a living, breathing organism.

The Anatomy of a Modern Tech Consultancy

Generally speaking, modern tech consultancies consist of a distributed workforce either within their own country or globally, most likely with offices in Europe, the USA and Australia. Collectively, the majority of services offered by tech consultancies are:

Consultancy, technical advisory, digital strategy maturity and strategy creation
Building enterprise-grade, cloud-based solutions for digital and data platforms
Upskilling of client teams to enable them to run cloud-native platforms

Typically these 3 core offerings take place through the assessment of a customers maturity to create a Digital Strategy to promote success.

Modern tech consultancies have clients that range from medium to large enterprises spanning government and various business sectors such as financial, energy, transport and media. All of these consultancies tend to work to a partnership model that means operating alongside their clients in the role of ‘trusted advisor’ for all facets of cloud-based technology and delivery.

The Contextual Environment

To understand the cyber mindset of a modern tech consultancy, it is important to understand the contextual environment within which they exist. As noted by Klaus Schwab in 2016, “We stand on the brink of a technological revolution that will fundamentally alter the way we live, work, and relate to one another.”

This era is now generally accepted as the Fourth Industrial Revolution. And you can consider the modern tech consultancy as a child of this Fourth Industrial Revolution.

The structure of such organisations is people-driven and autonomous, promoting culture and continuous learning. To be effective, most of these consultancies operate as a Squad Matrix, detailed in this article by Henrik Kniberg & Anders Ivarsson. Such a matrix is often referred to as the ‘Spotify Model’.

Squad Models are somewhat similar to the idea of a “flat structure”. They are integral to the DNA of modern tech consultancies and are a unique enabler for acceleration in delivery, which promotes mutual business agility and outcomes for customers.

In digging deeper into the cyber mindset of modern tech consultancies, correlation can be drawn to the key areas identified by Klaus Schwab at the World Economic Forum in 2016 as being:

Agile technology governance
Agency and trust
Technology innovation
Ethics and identity
Technology access and inclusion
Frontier technologies
Disrupting technologies, demanding new skills

Source: https://intelligence.weforum.org/topics/a1Gb0000001RIhBEAW?tab=publications

These key areas influence the mindset of people today, both as members of the general community and in the operations of their job functions and work environments.

The vast majority of employees in modern tech consultancies were born into a cyber world. Their cyber mindset is heavily influenced by the social and economic convergence of data and technology. Furthermore, the primary function of the employees is technical, and they are by that very nature more closely connected to current and emerging technologies, and threats and their effect on society today.

Safety of “self” is a cornerstone of all modern societies and this is of great concern in our connected world today. As such a modern tech consultancy’s cyber culture should be underpinned by the cyber safety of its own people and the customers with whom they operate. To that end, these consultancies need to continue to implement relevant cyber best practices that are aligned with those defined by agencies and bodies, such as a minimum baseline, alignment to the “Essential Eight” prescribed by the Australian Cyber Security Center (ACSC).

Holistically, a zero trust approach to securing devices and content and, as mentioned in the article ‘Zero-trust mindset the only way to build cyber risk immunity’, a “trust no one, verify everyone” mindset is the cornerstone of a strong cyber focus.

Perhaps unique to modern tech consultancies is how they generally operate their own internal systems. As their workforces are typically distributed both locally and globally – closed (internal) networks are adopted through a ‘cloud everything’ approach.

This cloud-centric, distributed matrix approach enables rapid collaboration and development, and enables a shared responsibility approach to cyber mindset and culture.

Internal Leadership

All of the above would not be possible if it were not for key stakeholders steering the cyber mindset and cyberculture from ‘the brain’ of the organisation.

Intrinsically important to this type of culture is the internal executive leadership – generally consisting of the founders, partnerships directors, technical directors and delivery directors – which should all allow an open culture to evolve. Through their stewardship and alignment of the company’s direction to that of the business strategy, the cyber mindset and the cyber culture can be given enough impetus to grow and propagate across the body of the company.

External Drivers

The external stakeholders driving a modern tech consultancy’s cyber culture tend to come from a different perspective. Mostly, these stakeholders are the cloud providers, regulatory bodies and customers within the company’s relationship ecosystem. Their primary mandate, which impacts a modern tech consultancy’s cyberculture, is to ensure the consultancy as the ‘partner’ is aligned to the industry best practices and certifications.

These external stakeholder requirements influence the business strategy of a modern tech consultancy, which in turn is implemented through the open and people-centric approach set by the consultancy’s executive leadership team.

Humans as a Solution to Cyber Security

In the International Journal of Human-Computer Studies in 2019, the researchers speak about the need for viewing humans as a solution rather than humans as a problem when it comes to cyber security. They mention the benefit is “permitting people to take responsibility allows them to maximise their agency.” And this is exactly the cyber culture that should be injected into a modern tech consultancy.

To that end, the concept of communities of practice that work on an opt-in basis can be used to help foster the culture in a modern way to increase awareness of what is needed within a cyber culture. A cyber community can be one of those communities.

This allows a cross pollination of a cyber consciousness that exists without barriers.

Making Sense of a Cyber Mindset

When considering the aforementioned thoughts, it is important to test and evaluate them to ensure they make sense within today’s cyber bodies.

In my opinion, a consultancy’s cyber mindset is one that should fit their organisation’s culture and the space in which they operate. I believe that a modern approach to the cyber mindset is refreshing. Looking at most modern tech consultancy cyber mindsets, we can adequately see they are influenced from a place of trust, knowledge and sharing as trusted advisors.

This line of thought is in keeping with the definition provided by W.H. Dutton in the Internet Policy Review in 2017, who states, “a cyber security mindset as a pattern of attitudes, beliefs and values that motivate individuals to continually act in ways to secure themselves and their network of users.”

Cultivating a Cyber Culture

To be effective, a modern tech consultancy’s cyber mindset should not be mandated by top-down policy; rather, it works best by being supported from the ground up through collaboration, open dialogue and continual learning. This fosters a people-first environment that then feeds into and shapes the cyber culture.

According to an article in Information and Computer Security, there are five factors needed to cultivate a cyber culture within an organisation:

All the people/entities who have a role to play in cultivating the culture
The functions that need to take place
The necessary resources
The method and means to be used in cultivating the culture
The influences associated with the group in which the envisaged culture will be promoted, i.e., the level of connectivity, age and digital literacy

Modern tech consultancies need to be mindful of aligning their cyberculture to these five fundamentals.

The Importance of Communities

Communities of practice allow people to cultivate their own culture. Operating them via modern collaboration technologies – such as Slack, Google Meets, Microsoft Teams and Zoom – helps to achieve their own culture seamlessly across borders, cultures and timezones.

There should be no restriction on the collaboration tool, as long as it fits within the guardrails of the company’s cyber security policies. This allows for a high level of connectivity, collaboration and – along with a flat, open structure – unfettered access to resources to debate, promote and provide a cyber security culture that is born from within the organisation and not mandated from the top of a hierarchy.

Most importantly, a modern tech consultancy’s cyber leadership must be aligned to the mindset and culture as being open and non-hierarchical, driven from a position of trust rather than imposition.

The symbiotic relationships between communities of practice produces a unique culture which enables modern ways of working fit for “human valued, peer driven leadership”.

Back to the article in the International Journal of Human Computer Studies, the argument is presented that cyber security mindset and culture need to shift from ‘human as a problem’ to ‘human as a solution’. At first glance, this may seem like a hands-off approach; however, they go on to provide evidence that “permitting people to take responsibility allows them to maximise their agency in terms of behaving to secure the organisation’s devices and information.”

Human as a Solution

In essence, a successful modern tech consultancy needs to shift the narrative away from ‘who’ (Figure 1 below) to ‘why’ (Figure 2 below) and, in doing so, create a ‘Human as a Solution’ environment.

Figure 1

Source: Zimmermann & Renaud in International Journal of Human-Computer Studies, 2019

Figure 2

Source: Zimmermann & Renaud in International Journal of Human-Computer Studies, 2019

Modern leadership should ensure that cyber security activities are related back to the business strategy. However, the implementation of controls, monitoring and feedback are left to the empowered communities of practice and, as per Figure 2, is an inward-out perspective. The leadership sets the cyber agenda, and the functions work out their own best way to implement them.

Modern Concerns

There are two main concerns I see with the modern approaches we’ve discussed. Perhaps the biggest issue of all is the potential for the ‘singular ownership of mindset’.

Singular Ownership of Mindset

By singular ownership of mindset, I mean that one person’s opinion can become the dominant default opinion and unduly influence the cyber mindset and culture. This is best explained through the series of examples presented at a TED Talk by Dan Ariely in 2009, Are we in control of our decisions?, where he contests that we are not fully aware of our internal drivers, which means influence can come from many vectors of which we may not be fully cognisant.

Fluid Scalability

The second concern I see is that of fluid scalability. Modern tech consultancies generally operate far from the perspective of a large firm (under 500 employees) and – while this allows for business agility with less complexity to manage, maintain and organise a flat structure – there could be a case to say that current, non-hierarchical autonomous approaches may not scale when it comes to cyber security.

Final Thoughts

With the modern structures and thinking we’ve run through in this article, the cyber mindset and cyber culture of modern tech consulting firms can be more proficient and adaptable to the changing cyber landscape in today’s world than that of larger format (large company) traditional approaches.

While this is great in allowing free-form, modern collaboration and thinking to evolve and solve complex problems, often this is at odds with the customers with whom these modern tech consultancies partner. And consequently, caution should be taken when extolling the values of this modernity through the customer lens.

Culture should be best viewed as a primary driver for how to consult with a prospective customer, in particular with cyber culture and when promoting healthy companies and healthy cyber mindsets.

Product and Project Management