In my years of observing high-performing security teams, I’ve noticed a counterintuitive pattern: the most effective ones aren’t always the most harmonious. In fact, teams with built-in tension often produce more innovative and robust security solutions. Here’s why embracing productive conflict might be the key to strengthening your security posture.
NASA’s investigation into the 1986 Challenger disaster provides one of the most well-documented cases of how organizational harmony can lead to catastrophic outcomes. The Rogers Commission Report revealed that engineers who had concerns about the O-rings’ performance in cold weather were present, but felt unable to effectively challenge the prevailing group consensus. This tragic example, while not from cybersecurity, demonstrates how even highly skilled technical teams can fall victim to groupthink.
In the same way, the U.S. Intelligence Community made significant reforms post-9/11, documented in the 9/11 Commission Report, specifically targeting organizational groupthink. Those reforms created structures for intentional disagreement and alternative analysis. They also led to the creation of “red team” units and formal devil’s advocate roles – practices now common in modern security operations.
The most resilient security teams deliberately maintain cognitive diversity. Here’s what this looks like in practice:
These intentional tensions create “requisite variety” – the idea that a system’s internal complexity should match the complexity of its threats.
Research from Harvard Business School suggests that teams with managed conflict outperform their harmonious counterparts by up to 40% in complex problem-solving tasks. The key lies in understanding the difference between cognitive conflict (disagreement about ideas) and affective conflict (personal friction).
There are three common types of beneficial team conflict:
The most successful security teams actively manage all three (3) types while preventing them from becoming personal.
So, how do you foster beneficial tension without descending into dysfunction? Research from the MIT Sloan School of Management suggests three key principles:
Here’s a recent example: A major retailer’s security team was divided over implementing a new zero-trust architecture. The tension between those advocating for innovation and those who preferred stability led to a hybrid approach that proved more effective than either original proposal. The key was channeling the conflict into productive discussion rather than suppressing it.
Another case study comes from a multinational bank where deliberate conflict between risk-focused and customer-experience teams led to the development of a novel two-factor authentication system. The solution balanced security with usability in ways that neither team would have achieved independently.
Remember: The goal isn’t to create discord, but to harness the creative energy that comes from different perspectives colliding in a constructive way. What’s your experience with team conflict in security settings? Have you seen cases where disagreement led to better outcomes? Share your thoughts in the comments below.
Assisting your organization in creating a strong cybersecurity culture is something that IntraSystems Advisory Division can help with. Reach out today and let’s talk!
MEET MERVYN CHAPMAN | Advisory, Cybersecurity/GRC
Mervyn brings over 20 years of experience in Cybersecurity and Information Technology. Currently a Doctoral Candidate in Cybersecurity Innovation Management, he brings a people and process centric perspective to security operations and management. He has served as a Chief Information Security Officer in the Healthcare and non-profit space and as a Principal Consultant within a large nationwide consultancy. He is passionate about user involvement and education as well as crafting business-relevant security policies and processes.