Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration – Source: securityboulevard.com

In competitive rowing, particularly in an eight with a coxswain, every seat has a distinct role, yet success hinges entirely on synergy, precision and trust. When I rowed at university, I rowed in the seven-seat (same position as the main character in The Boys in the Boat), responsible for setting the rhythm with the stroke seat and translating power efficiently through the boat. When all eight of us were in perfect synchronization  — focused, aligned and executing our shared strategy — we glided across Lake Washington like a knife through butter. But the moment one of us fell out of rhythm, the boat lost its “true” and its efficiency shattered. Even a glance sideways to check our competition could disrupt the balance just enough to cost us a fraction of a second — often the difference between victory and defeat. 

The same principle applies to IT and security teams. Each has its function, but unless they row in unison — aligning on strategy, focus and execution — the organization flounders. When IT and security work against each other or in silos, efficiency breaks down, risks increase and business goals suffer. But when they move together, they create a seamless, resilient operation that cuts through challenges effortlessly.

Six Key Tips to Help IT and Security Teams Work More Effectively Together  

1. Know What’s in Your Environment  

The first step to effective collaboration is understanding your environment. This means having a clear inventory of your licenses, deployed software, devices and personnel roles. You cannot secure and manage what you cannot see. Whether your organization is small, medium, or large, you need to establish this same level of visibility.    

A critical aspect of this is device management. Due to market dominance, many software vendors focus on Windows, but IT fleets today include a mix of Chromebooks, Linux systems and Apple devices. Security and IT teams must recognize that the weakest endpoint determines the overall defense posture.   

By ensuring IT and security teams are aligned on what’s in the environment, you can break down silos and work together toward shared security goals, such as zero-trust implementation. Bring together leaders from different business units for longer-term strategic and nearer-term tactical alignments. 

2. Align on Policies 

Effective security starts with strong policies. A common question is, “Which software bundle manages policies?” The reality is that zero-trust isn’t a single tool — it’s an approach that includes threat intelligence, risk management, compliance, secure development lifecycle, supply chain security (digital and physical), policy enforcement, identity access management (human and non-human identities) and data resilience and much more.   

Security and IT teams should collaborate to ensure policies protect the overall business mission, not just the bottom line. For example, if security requires an agent to collect telemetry for advanced analysis (e.g., CrowdStrike, Halcyon, etc.), what’s the performance impact on endpoints? If the agent is running AI/ML workloads, how is it optimized for performance on XPU and non-XPU systems? IT fleet leaders care about security BUT they also demand top performance and battery life from devices.  Both security and IT teams together can align solutions that offer best-in-class security without degrading fleet performance. Aligning policies means finding the right balance between IT operational efficiency and security risk management.   

3. Measure and Improve MTTD (Mean Time to Detection) 

Reducing mean time to detection (MTTD) is a shared goal for IT and security. Whether identifying potential cyberthreats or IT infrastructure failures, a faster MTTD minimizes business disruption.  A switch failure could be a simple hardware issue or could be an attack kill chain in progress.  A delayed detection of an active breach can mean the difference between a minor incident and a major compromise.  By working together, IT and security can improve MTTD with real-time monitoring tools, automated alerts, alert prioritizations and threat intelligence.  

4. Measure and Improve MTTR (Mean Time to Response/Remediation)

Once a threat or failure is detected, mean time to respond (MTTR) is the next crucial metric. A fast response reduces downtime, limits damage and improves security posture.   

However, focusing on both MTTD and MTTR simultaneously can be counterproductive. MTTD depends primarily on technology (e.g., detection tools), while MTTR requires both technology and streamlined processes.  Some key strategies for improving MTTR are to automate remediation where possible, clear updated incident response playbooks and cross-functional preparedness training to ensure all IT and security teams can react quickly and efficiently to any incident. 

Additionally, security awareness training for all employees can help prevent incidents before they happen. Simple actions, like recognizing phishing attempts, securing passwords and avoiding tailgating, can dramatically improve security resilience.   

5. Continuously Review Ownership

Ownership in IT and security is one of the hardest challenges to solve. In many cases, responsibility over cloud workloads, applications and ephemeral systems isn’t always clearly defined.  For example, if a piece of code produces artifacts that later become part of a business-critical application, who owns the application? If multiple teams use different XDR (extended detection and response) platforms, then who owns security decisions?   

To avoid confusion and ensure accountability, IT and security should: Conduct regular reviews of new assets, applications and repositories to confirm ownership.  Using directory services, cloud systems and source code management tools not only helps infer ownership but also validates it.  Leaders should sincerely promote a true culture of collaborative ownership, ensuring that silos don’t create unnecessary friction, duplication of effort and proliferation of unnecessary security risks.  Ownerships should be clear but not exclusionary as the end goal is about enabling collaboration, not creating fiefdoms.   

6. Continuously Assess Your Tech Stack Together  

With rapid advancements in AI, cloud computing and security tools, ongoing assessment of your tech stack is essential.  It’s crucial to align IT and security strategies with business objectives, mission goals, long-term strategy and customer impacts.  While GenAI has benefits, exposing trade secrets or using unvetted AI tools can pose serious security risks. AI enables automation at scale, but attackers also benefit from AI-powered exploits. Choosing security solutions that integrate seamlessly, rather than adding disconnected tools that create complexity, help mitigate risk but also leverage existing technology investments by IT.  A well-assessed, collaborative technology stack ensures that IT and security teams are rowing in the same direction toward a secure and efficient organization.   

Final Thoughts: Security is a Team Effort   

A security-oriented culture isn’t just about technology, it’s about people, collaboration and shared responsibility.  To reinforce this culture, highlight how security enables business success, not just how it prevents attacks.  Celebrate security wins such as lower MTTD/MTTR metrics, strong incident response and risk mitigation efforts.  Involve employees in security ownership, from the C-suite to summer interns.  At the end of the day, strong IT and security collaboration ensures that organizations remain resilient, adaptive and secure in an ever-changing landscape.   

IT and security teams rowing together in synergy will propel their organizations forward through future waters smoothly, efficiently and securely. Teams failing to do so will allow misalignments that introduce new inefficiencies, vulnerabilities, risks and frictions negatively impacting their paths to success.  

Collaboration between IT and security teams has long been a challenge, yet it remains essential in today’s evolving threat landscape. With increasing cybersecurity threats, the shift to the cloud and the rise of AI, it’s more critical than ever for these teams to align on strategy and execution.