Winning Teams: Lessons for Security Leaders from Tim Baker
Why Security Leaders Should Rethink Team Performance
Directors in managed detection and response (MDR) roles face a balancing act. Some engineers and managers are seasoned experts with deep technical chops. Others are new, still learning the craft. The challenge isn’t just technical—it’s cultural, relational, and operational.
That’s where Tim Baker’s Winning Teams: The Eight Characteristics of High Performing Teams comes in. While the book isn’t written for security leaders specifically, its framework translates beautifully into MDR and detection engineering contexts.
The Eight Characteristics, Through a Security Lens
Baker’s research identifies eight traits that distinguish high-performing teams. Let’s explore how each maps to running multiple detection engineering and service delivery teams.
1. Build Trust
Trust is the foundation. In detection work, this means creating psychological safety. Engineers must feel safe surfacing false positives, design flaws, or coverage gaps. Without trust, silence leads to blind spots.
Director’s takeaway: Model openness with your managers. Recognize those who raise tough issues, not just those who “get it right.”
2. Share Leadership
High-performing teams don’t rely solely on formal managers. Expertise should lead when the situation calls for it.
Director’s takeaway: Empower senior engineers to lead threat hunts or design sessions. Encourage managers to step back when others have the expertise.
3. Be Agile
Attack techniques evolve daily, and rigid processes can’t keep pace.
Director’s takeaway: Maintain stable core processes but allow room for rapid adjustments. Give new hires structure, while granting veterans the freedom to experiment within boundaries.
4. Create Purpose
Analysts overwhelmed by alerts can lose sight of the bigger picture.
Director’s takeaway: Frame the mission clearly—we’re not just tuning detections, we’re protecting client businesses. Purpose energizes teams beyond ticket closure.
5. Manage Stakeholders
Detection teams serve both internal partners (SOC, IR, engineering) and external clients.
Director’s takeaway: Train managers to anticipate client concerns like false positives or SLA fears. Help engineers see how their work impacts downstream consumers.
6. Improve Systems
Outdated processes can derail even the strongest team.
Director’s takeaway: Encourage Kaizen-style reviews: “What in our pipeline slows us down?” Make system health as important as detection quality.
7. Utilize Diversity
Veterans bring intuition, while new hires contribute fresh perspectives.
Director’s takeaway: Pair juniors with seniors in detection reviews or sprints. Celebrate both depth and fresh eyes—both prevent blind spots.
8. Learn Continuously
Static detection logic ages fast. Attackers don’t stop learning.
Director’s takeaway: Build learning into the workflow. Retrospectives, detection reviews, and cross-team knowledge sharing aren’t extras—they’re survival tools.
Why This Matters for MDR Leaders
Directors in MDR face pressure from multiple angles: client expectations, operational efficiency, and evolving threats. Baker’s framework provides a way to scale team maturity across uneven levels of experience. It shifts the conversation from “Are we delivering?” to “Are we building the conditions where high performance is inevitable?”
Director’s Scorecard: Applying Baker’s Eight Characteristics
Here’s a one-page guide you can use to embed these principles into your MDR or detection engineering function:
| Characteristic | Director’s Practice | Signs of Success | Metric / Check-In |
|---|---|---|---|
| Build Trust | Reward transparency and candor. Protect staff who surface issues. | Engineers openly flag gaps and false positives. | Number of “issues raised” in retros; 1:1 feedback. |
| Share Leadership | Allow technical experts to lead projects. Support situational leadership. | Seniors drive hunts; juniors step up when ready. | Track leadership opportunities across levels. |
| Be Agile | Keep core processes but allow fast pivots when needed. | Teams adjust quickly to client or threat changes. | Mean time to adjust detections/playbooks. |
| Create Purpose | Connect detection work to protecting clients, not just alerts. | Engineers link tasks to mission in discussions. | Pulse surveys on team purpose clarity. |
| Manage Stakeholders | Proactively engage clients and internal partners. | Clients feel heard; internal friction decreases. | NPS/client satisfaction; cross-team feedback. |
| Improve Systems | Run regular process reviews; prioritize fixes. | Fewer bottlenecks, smoother deployments. | Number of process improvements implemented. |
| Utilize Diversity | Pair veterans with newcomers; value different perspectives. | Fresh eyes catch blind spots; morale is balanced. | Cross-seniority pairing count; peer review quality. |
| Learn Continuously | Schedule retros, brown bags, and learning sessions. | Continuous iteration of detections; visible learning. | Hours dedicated to learning; improvements per sprint. |
Final Thoughts
Security leaders don’t need another technical framework—they need cultural and operational ones that help teams thrive. Baker’s eight characteristics give MDR directors a practical, people-centered playbook.
The takeaway? High-performing detection engineering isn’t just about the detections. It’s about trust, adaptability, and purpose—and those start at the leadership level.
