Democracy of Cybersecurity Ideas

8 September 2023

A key component of any successful cybersecurity team is surfacing the best ideas and solutions for any given problem. In order to surface the best solutions the entire team must feel safe and supported in order to take the risk of proposing each individual's ideas for scrutiny. It is vital that ideas be judged on their merit, rather than by the tenure, seniority, training, or expertise, of the individual proposing the idea. In order to encourage a diversity of thought and solutions every idea must be heard, respected, and considered. This ideal is easy to espouse but difficult to put into practice.

In order to support these principles it is important for organizations to introduce policies to support the "Democracy of Ideas." Such a policy sets a tone and standard of inclusion, support, open dialog, and allows every teammate to feel safe and encouraged to share their ideas and opinions.

The purpose of this policy should be to encourage the presentation of diverse ideas and solutions as well as to encourage the consideration of each idea regardless of whom might propose or advocate for the idea. Providing a level playing field for the consideration of ideas discourages groupthink and can help avoid disastrous initiatives from being implemented simply because of who proposed them. When ideas are evaluated strictly on their merit, and not on the relative position of the person who proposed the idea, there is a much higher chance of a corpus of diverse ideas being presented from which the best can be chosen.

There are a number of key components in any such policy. The first should be Inclusivity and Respect. In a Democracy of Ideas everyone is invited, and encouraged, to participate. Bringing the greatest number of ideas to the table can ensure a broad pool of ideas to evaluate and helps surface the best ideas. Because every idea is treated on the merit it is critical that everyone on the team respect one another, and respect each others ideas. Even ideas that might seem disposable at first consideration could hold great merit and the formal insistence on evaluation can help to surface this value.

Evaluation criteria should also be a core tenet of any policy on the Democracy of Ideas. Evaluation should include feasibility of ideas, relative risks and costs associated with ideas, as well as alignment to goals and objectives. Ideas should support the overall strategy and intent of the cybersecurity team both in the short and long term. Evaluation should also be empirical, and data driven, and the policy should discourage subjective evaluation of ideas.

The policy should also call out the need for participation and inclusivity. Policy elements should outline the expectation of contribution from everyone on the team as well as provide guidelines to enforce respect and consideration in order to support a safe environment for participation. The policy should recognize that background, experience, and other individual factors support diverse perspectives that can help to inform unique ideas or solutions that might be difficult, or impossible, for others on the team to reach, and highlight the unique value such ideas can add to the team.

In addition to participation and evaluation, the policy should also highlight the goal of iterating on ideas to refine them. Often times the first ideas or solutions are not the best, but by combining the initial draft with diverse viewpoints the team can improve ideas and develop even better solutions. The policy should call out the need for continuous improvement as well as respectful feedback and consideration.

Finally, policy elements should include penalties for failures to comply with the policy. These sections should highlight the very real damage that non-compliance can incur, such as the suppression of quality ideas, or the potential to pursue a bad idea or solution because it escaped scrutiny or competing proposals.

Deploying a policy for the Democracy of Ideas can create a more open and accepting workplace, can support a team of consensus, and can promote radical good ideas that can result in a competitive edge for your team. Not only will such a policy dramatically improve your chances of success but it will also foster better trust and morale within your team.