When Kevin Anderson, Cyber Security Manager, joined Associated Bank in 2014, security consisted of a team of engineers who were responsible for multiple duties. With evolving security threats increasing, Associated Bank took the initiative and grew the department significantly, adding additional functions and skills. Associated Bank has built a model for attracting and retaining top security talent and is continually working on better retention and growth.
In this edition of our Customer Spotlight Series, we explore the concept of intentional growth and how leaders can invest more in team development to prevent burnout.
Removing the Jack-of-All-Trades Approach
Kevin acknowledges that one of the hardest things a leader faces when trying to grow a team is limited resources. Kevin knew he needed to break the “jack-of-all-trades, master of none” approach. Prior to joining Associated Bank, Kevin spent 11 years honing his craft at an insurance business. There, he worked closely with someone who helped him develop his career. After going through the process himself, Kevin realized the importance of training and nurturing people, especially in cybersecurity. “If it weren’t for my mentor believing in me and pushing me, I don’t think I’d be where I am today with the knowledge and experience that I have.”
Early on at the bank, Kevin had the opportunity to assess how security operations was being managed and to establish a formal Cyber Defense Center. In contrast to the traditional model where everyone does everything, it allowed him to guide the company toward a new approach, one that focused on protection, response, and defense, and that enabled a true career path for staff.
Joining Associated Bank also marked a significant change for Kevin as he transitioned from engineer to manager, when his experiences as a high school football player and fitness manager – watching people grow and make an impact – started to pay off. His focus shifted from his successes to the successes of the team and from day-to-day issues to the bigger picture.
A Winning Team Starts with Hiring the Right Staff
Hiring the right person for a job takes time and lots of patience, but Kevin is a firm believer that when you hire someone who fits into your model, it makes your job as a leader much easier. “I’ve gone months waiting to hire the right individual with the right skillset and team fit,” Kevin said. “But if you put the wrong personality into the mix, it causes a lot of friction and challenges dynamics.”
So how do you know who’s right for your team?
Kevin quotes Patrick Lencioni’s The Ideal Team Player, listing the ideal qualities of a team member as humble, hungry, and smart. He explains, “You want them to be able to grow, be humble, and have emotional intelligence when they work with people. Because then, your job as a leader is to take them, empower them, equip them, and remove the roadblocks.”
Kevin’s team is living proof of this concept. He says that even though some started with very little information security knowledge, he’s pushed them and empowered them to grow, train, and learn more so that they could become integral parts of the bank’s Cyber Defense Center.
Teach the Right Mindset from Day One
Kevin tells new hires, whether they’re fresh out of college or have years of experience, that he expects everyone to be a leader. Whether it’s meetings, projects, or teams, Kevin emphasizes the impact individuals can have from day one regardless of their role. “When we talk about security monitoring, the analysts can’t just be viewed as tier one—they are leaders. They’re the ones in the SOC we’re counting on to identify baselines—and when they see a shift, I encourage them to use the opportunity to learn and grow, not just go back to look at another ticket.”
That said, it’s also crucial that individuals have the desire to grow. To create a future best analyst or engineer or leader, those individuals need to have the hunger to want to grow themselves.
Kevin emphasizes the importance of being vulnerable to establish trust with a team. Being open about past failures or flaws can have a significant impact. He recognizes that failure is difficult, but also knows that if no one fails, no one ever grows.
“Any conversation, any chance you have to impact someone—ask questions, spark a new thought, listen to a podcast, read a book—may inspire them to take the next step. Some of your biggest impacts are from things you never even realized you did that help someone create that movement to a new thought,” says Kevin.
ReliaQuest: Evolving from Partner to One of the Family
Kevin sees ReliaQuest not as a supplier, but as a part of the team that helps his people develop and mature. “ReliaQuest isn’t just another third party—they’re part of our team,” says Kevin. “This partnership strengthens us and enables our team to move dynamically between proactive and reactive security. We know that if we ever have an issue or need help immediately, we can always call on ReliaQuest.”
It is a relationship that has evolved over time. “When we first started working with ReliaQuest, it was responsible for managing the SIEM,” Kevin explains. “But as we increased the scope of our relationship, we were able to collaborate more, and ReliaQuest helped us to become a 24/7 operation with better workflows.”
But the value of ReliaQuest goes further by adding a deeper level of protection: spotting issues, reporting back, and keeping an overview of the security environment. Kevin says that one of the ways he highlights value to his CISO is by communicating ReliaQuest’s proactive threat advisories and the emergency rules it has helped to establish. “It’s being able to say, hey this is a threat we heard about from ReliaQuest—it gave us the heads-up and now we are ready to act.”
ReliaQuest has been particularly helpful in developing the bank’s security teams. Kevin encourages his team to build relationships that enable them to gain knowledge, plug in to current events, and provide the support to perform at their best.
The Future Is Data Analytics
With a solid strategy, structure, and team in place, Kevin is now looking to the future. “Next we need to get deeper into data analytics and view our findings from a response perspective. This will save resources so we can be more productive. So far, we’ve relied on a SIEM approach. Now we need to dig into things that are heuristic: the idea of user-behavior analytics and why a system acted abnormally. This is exciting and it’s something I’ve anticipated for a long time.”
Kevin concludes by outlining his vision: “The premise of our Cyber Defense Center is to be proactive and respond rapidly. The challenge is to move dynamically between proactive and reactive without burning people out. If you can do that, then it raises the maturity of everyone.”