How the Newell Brands cybersecurity team became ‘efficiency-enablers’

By Steve Ripple

Note: This is a guest-contributed article by Steve Ripple. He is Director of Global Information Security for Newell Brands, the U.S.-based consumer goods company that owns Graco, Coleman, Rubbermaid and dozens of other familiar brands.

Cybersecurity teams like mine are sometimes misunderstood by our colleagues who aren't focused on security. We may be seen as overly cautious, obstructive or even as the enforcers who reprimand others for their actions. Such perceptions can lead to frustrations on both sides, which is why my team at Newell Brands set out to flip the script with our colleagues.

We have the power to reframe our role in the organization and build positive relationships focused on collective success. Security teams can add strategic value and become the sought-after collaborators of our colleagues across departments.

We have adopted this proactive approach to great effect at Newell Brands, which operates more than 60 brands globally, each with its own unique strategic positioning and needs. Positioning our team this way has significantly contributed to our success in achieving security goals and helping our company thrive.

Cybersecurity as a tool

Our cybersecurity team operates from a powerful starting point: Our goal is to help our company succeed in the market.

Mitigating risk is an important part of this goal, but it’s also in our best interest to help the organization succeed however else we can. If we are so restrictive that the company fails in the market, we are not going to get a larger budget anytime soon (and we may need to start looking for a new employer). So, we must think of cybersecurity as an important solution in our company’s toolbox, not as a protective cover that might stifle the free and innovative use of its other tools.

Business objectives guide collaboration

In this context, business objectives often dictate how we position our team and focus our efforts. For example, does the company want to lower the price of a particular product to increase market share and sell more products? Or is the priority to improve margins by cutting costs or adding innovative features to command a higher price?

If the objective is to increase market share, our security team might focus on working with marketing teams to manage access to our social media accounts, prevent copyright claims and leverage solutions that other brands have used successfully.

If the objective is to cut costs, we can find opportunities within the tech stack to help standardize systems and applications to lower the cost of operations. We may be able to improve processes and streamline operations with our connections in IT, infrastructure and networking. We can also focus on adding resiliency to manufacturing processes to ensure uptime and maximize operational efficiency.

Finally, if the objective is to add innovative features to increase margins, we can help during the design phase to identify potential issues, such as how to standardize requirements for third-party chips and firmware in the product, while assisting with efficient access control designs. We can ensure the necessary processes are in place to limit and regulate the collection and processing of personal data, which can prevent time-consuming and costly redesigns and legal discussions later.

Through these initiatives, my cybersecurity team can demonstrate that our goal is to add value, not just to impose controls and restrictions.

How to approach business teams

If you want to drive change in your organization, you must get out there and make it happen — no one is going to do it for you.

Start with opening as many lines of communication as possible: Set up times to talk to people in different parts of the business, especially teams with which you rarely interact. Take leaders out to lunch and develop a detailed understanding of what they currently do and where they want to go.

Building relationships across the wider organization is critical for your team’s ability to contribute to the company’s success. And, as a bonus, it’s fascinating to learn about how your company is trying to compete and win in the market.

We’ve repeatedly found that the quickest way to start winning hearts and minds is by making life easier for our partners and enabling success across the business.

During those initial conversations, give colleagues a brief overview of what the security team does, but more importantly, ask them where they are having issues or problems with their technology and workflows. Find out what hinders their work so you can help fix those problems.

Benefits of repositioning

Once you begin taking this approach, people will start thinking of your team differently.

You’re no longer the people who say, “No, you can't do that, it's too risky.” You’re the ones who say, “We understand your team’s objectives, and we’re here to help you achieve them.”

You are now the team that collaborates to enhance people’s efficiency and effectiveness while adding additional security measures.

Positioning yourself this way has many benefits.

You will be more likely to be involved in projects early on when you can implement appropriate security controls with limited resistance. And business leaders will increasingly listen to your security concerns.

Now that they view you as a collaborator instead of a hurdle to clear, they’re more open to your suggestions and more likely to adopt recommended security measures. This is particularly important at the C-Suite level, as issues may be escalated to the CIO or CTO. In those instances, you’ll want a friendly point of contact who knows you have the business’s larger goals at heart.

How to foster team cohesion

Communication with your information security team is key to ensuring they all approach this work collaboratively.

My team has biweekly conversations on Monday mornings in which everyone contributes. A different team member leads the meeting each time, and all team members discuss what they're working on to provide the others with exposure to the many facets of the organization that we help. I then talk through business strategies and perspectives I’ve heard from governance committees and guiding organizations within the company so they can understand the larger goals to which our work contributes.

We also discuss how we want our colleagues in the company to see us. Last year, we established our own brand values for the information security team, clearly defining how we want the larger business to perceive us. We selected a set of core values, such as competence, empathy, professionalism and collaboration, and consistently emphasized these values in all our interactions with internal stakeholders.

This strategic focus on our values paid off. In a subsequent survey conducted among all Newell Brands global employees, I was delighted to find that many respondents described our team using at least three of the values we had chosen. This feedback not only validated our efforts but also reinforced the positive impact of our approach on the broader organization

Efficiency-enablers

It's satisfying to know that we’ve succeeded in positioning ourselves as the efficiency-enablers — not the road-blockers — in our organization.

To do so, we’ve had to be very proactive. We frequently view ourselves an internal sales team: constantly working to generate leads who might need us to fix things. We’re out there building the relationships that will smooth the path to effective collaboration when the need arises.

Every day, our approach to cybersecurity underscores its strategic importance in driving business success.

By integrating cybersecurity measures into our overall business strategy and aligning our security initiatives with the company's goals, we protect our assets while enabling innovation and growth as a catalyst for progress. This proactive stance allows us to anticipate potential threats and address them before they become issues, thereby maintaining the trust of our stakeholders and fostering a secure environment where the business can thrive.

Through our efforts, we demonstrate that cybersecurity is not merely about risk management but is a vital component of our company's strategic framework and contributes to its overall success.

Steve Ripple is Director of Global Information Security for Newell Brands.