Cybersecurity debriefs are core to continuous improvement

Do you conduct debriefing sessions after completing a cybersecurity project? Quite often, our minds are moving on to the next cybersecurity initiative or project that we need to wrap up or start. Although you may think that a debriefing session takes up precious time, it’s an essential practice that needs to be performed more frequently, and it is core to continuous improvement.

Debriefs, also known as after-action reviews or lessons learned sessions, are a way to analyze how the project met its goals and what could have been done better. The primary purpose of a debrief is to find ways to do the next project better. In other words, this is a time of reflection where you identify the mistakes you made with a previous project so they can be avoided in the future, and you highlight successes so they can be repeated. This takes place as a moderated discussion between those involved in the project and others who might have valuable feedback on improvements.

So, how do you conduct a successful debriefing session? Here are five ways you can improve cybersecurity with debriefs: allow the conversation to flow freely, be receptive to feedback, go in with the intent to get results, create and distribute debrief findings, and follow up on action items.

Allow conversation to flow freely

The opinion of each team member is valuable and should be taken into account. Make sure that your team listens to each other and gives one another time to speak. However, the moderator should keep the conversation focused entirely on the project that was completed.

If possible, get someone who wasn’t intimately involved with the project to facilitate the meeting and function as the moderator. This gives the team leader a chance to assume a team member role. During these sessions, the last thing you want is to lose focus, which will lead your team to believe the entire meeting was an utter waste of time – time that could have been used elsewhere and for a more productive reason.

Be receptive to feedback

Don’t take feedback the wrong way here. Emotions need to be left at the door. Also, team members should not use this as a time to place blame on one another but to only mention facts. It is better to refer to improvement areas with the word “we” rather than naming an individual. The moderator should let those who are speaking know that their feedback is for the benefit of the team, and they should ask questions to explore suggestions and comments in more detail.

Go in with the intent to get results

The best way to get results is to have specific questions in mind which need to be answered at the end of the session. At the end of the session, you need to have a list of improvements. The debriefing session is not an avenue for chit chat, but a place where you share ideas about making things a whole lot better for the next project. The moderator needs to keep the conversations focused on the task at hand.

Ask the following questions to guide your debriefing session:

  • Did we accomplish our goal?
  • What worked well?
  • What did not work?
  • Which areas need more support?
  • What were the biggest risks taken?
  • How did we handle the unplanned-for obstacles?
  • What should be done differently?
  • How could we have planned better?

Create and distribute debrief findings

Take note of everything you did that made the project successful or caused failures along the way. Transform this into a checklist that you can use for the next project. This way, you’re less likely to commit the same errors as before and can move along much quicker. Next, distribute this to the team members and ask for any further comments. Integrate other comments into the debrief report and then distribute it again.

A successful cybersecurity debrief will result in:

  • A list of strategies that work and should be implemented in the next project
  • A list of best practices that team members can use to make their jobs more efficient for the upcoming project

Follow up on action items

Lastly, after action items have been discussed, documented and distributed, someone should be designated to follow up to make sure that lessons learned from the cybersecurity debrief have been implemented.

Every project needs to be analyzed at the end. To move on and do better, you have to look into the past and learn from the mistakes and successes. This way, you can duplicate your successes and minimize or eliminate errors. This leads to continuous improvement!



About The Author


Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.