Pros
The current leadership is extremely engaged and supportive , both in terms of uplifting capability and making it a good place to work. They are open to new ideas, different approaches and listen. In my role there has been good support for uplifting the current capability and I have been given the time needed to do it. Budgets are improving and I arrived out of budget cycle so this should be resolved in the new financial year. Salaries are in line with market and improving, there is a focus on improving cybersecurity consciousness within the organisation,
Cons
Collaboration is generally good intra team and there are some inter team aspects working however like most orgs a bit more effort can be made to share the day to day. There are regular town halls etc however these tend to be high level. Being a smallish org there are some budgetary pressures and there is a heavy emphasis on open source which is positive in a lot of respects however doesn't really work as well in the security space for some core technologies needed. eg Things that require very regular updates such as CTI, vulnerability data, etc. These have commercial tools in place and there is a bit of a disconnect between the philosophies here. Historically documentation has been patchy however this is rapidly improving. At the moment a lot of the early design and architecture decisions are not clearly documented and this creates some confusion as to why things are deployed the way they are. There is an active effort underway to resolve this however. Overall the organisation is progressing from a start up through to adolescence to then become a mature enterprise. To be part of this is interesting however there is a little bit of awkwardness for those who need to use mature processes, full details and all the information at hand.