Bringing Collaboration and Conflict Management to Corporations
Michele Chubirka is a Cloud Security Advocate at Google and a current IIRP Graduate School student. She uses her skills as a restorative practitioner to promote a more collaborative, respectful relationship between cybersecurity experts and those they serve. Her unique approach to risk management integrates restorative practices into security programs. She presented about how she combines these fields at the 2023 Online IIRP World Conference.
Q: What brought you to the IIRP?
A: I have been a technologist for 28 years, working primarily in cybersecurity. About ten years ago, I realized that the punitive, shaming approach many cybersecurity professionals took with the user community, blaming and sanctioning them when they failed to address security vulnerabilities in systems or applications, was ineffective. I also found that I was no longer comfortable with the language of cybersecurity, which was grounded in a foundation of humiliation, coercion, and violence. I observed that the predominant approach was based on a retributive taxonomy from the criminal justice system, and I wondered if a peace-building approach could be more effective.
I started working with the founder of a conflict management technique called Respectful Confrontation to promote a more relational approach to cybersecurity, and we integrated ideas from Marshall Rosenberg's nonviolent communication and restorative justice.
Unfortunately, the security community’s reception to this suggested approach was lukewarm. Finally, during the pandemic, I decided I needed more formal grounding in restorative justice and practices to build a proper framework for my method, so I enrolled in the IIRP Graduate School.
Q: Please tell us about your professional work and what makes you passionate about it.
A: I operate as a restorative justice practitioner within the domain of cybersecurity within large organizations, including technology companies. As this approach is a novel application, I am alternatively seen as controversial, idealistic, or naive. However, I am undeterred, because attacks against organizations are increasing, as is the internal conflict and divisiveness over how to address the problem. Something must change.
If security teams want to build effective programs that reduce the negative impact of security vulnerabilities and data breaches, they must learn to meet software development and engineering teams where they are through more collaborative processes. Restorative practices could provide a framework through a set of techniques that would foster a relational culture to support the organizational change efforts in managing risk. By partnering "with" development and engineering teams, security practitioners could work more supportively and embed themselves into the overall software development and operational lifecycle. This allows security, engineering, and development teams to feel empowered to resolve conflict and add value to the business portfolio.
Q: What would you like to see in this field in the future?
A: I would like technologists to understand that not all problems can be solved by technology. In the future, I would like to see restorative, relational cultures within large organizations.
