In many cases, a cybersecurity leader is expected to think and act like a leader but may not be given the same visibility, responsibility, resources, or opportunity within the organization to do so. Further, cybersecurity leaders often find themselves in the security leadership role without sufficient leadership training or preparation, having been designated for the position on the basis of being the most technical person in the department or the individual with the most experience in firewalls and networking (two technical realms often associated with cybersecurity). Regardless of how a cybersecurity leader arrives in the position, it is an opportunity to truly make a difference at an organization. Cybersecurity leaders with the right mindset, passion for the position, fearlessness, and a willingness to work hard have a great chance of success.

My book, Risky Business: Cybersecurity Leadership the Right Way, shares relevant, practical, and actionable insights from one cybersecurity leader to another. This is not a technical book, because the most important parts of a security leader’s job are not technical. The book leverages a career’s worth of experience as a security leader and a concise, impactful communication style to provide you with a guidebook to success as an InfoSec professional. Some of you may think that your role doesn’t require you to be a leader yet. But everyone can be a leader, in their own way, in any situation.

Earning Credibility

To be effective as a cybersecurity leader, you must have credibility within the organization. While credibility comes partially from demonstrating expertise, the true measure of credibility for a security leader is having a seat at the table for key conversations. To earn credibility with your company’s leadership team, your cybersecurity efforts should connect to your organization’s larger business objectives. If you can succinctly and effectively articulate how security measures and program components support the goals of the business, you’ll earn the respect of your organization’s executive team. Putting cybersecurity in perspective based on the larger goals and objectives of your business will help you and your security team be a lot more effective when it comes to talking through ideas and initiatives.

The ideas discussed in the first section of the book will help you build credibility with your leadership team. Two key leadership traits that are truly critical to earning and maintaining credibility are Character and Responsibility.

Legendary leaders have strong character, and they work diligently to develop it and fight fiercely to protect it.

Build Allies, Not Adversaries

To be effective, security leaders must have allies within an organization. To make a meaningful impact on your organization’s security posture, you must find other company leaders who are willing to support your security initiatives and the associated cost. Security leaders who keep saying “no” will eventually no longer be asked to weigh in, and their ability and opportunity to influence new initiatives will be diminished. Those who learn to quickly analyze and process the new initiative and jump in to become a part of the planning and implementation process, while also properly managing risks along the way, will be viewed as partners and valuable contributors to the business’s efforts.

Unfortunately, some cybersecurity professionals approach their work with an “us against the world” mentality. They’re constantly frustrated because others within their organization don’t seem to understand why cybersecurity is important. They feel like they are always having to fight for budget, attention, and relevance, and it makes them defensive about their cybersecurity program and their own efforts to address security issues. Not only do they find themselves in an adversarial position with some business leaders, they think of vendors largely as a necessary evil as opposed to a potential partner in their endeavors.

As someone who has worked as a cybersecurity leader within an organization and as a vendor, I can tell you firsthand that a defensive mentality is one of the most dangerous ways to approach security work. If you want your security team to build the kind of comprehensive cybersecurity program your business needs, you must find allies inside and outside your organization that can help support your efforts.

Building allies is about more than getting people to agree with your point of view. You want them to be rooting for your success as well. The topics shared in this section will only work if paired with two leadership traits: Humility and Gratitude.

No leader can be successful without great teammates.

Hone Your Message

How do you know if your cybersecurity program is truly working? That’s the million-dollar (or, for most businesses, the tens-of-thousands-of-dollars) question. And, if you’re lucky enough to be able to dedicate resources to your organization’s cybersecurity program, this is an important question to answer.

As good corporate citizens, we owe it to our organizations to make sure the time, energy, and resources that the company has elected to invest in cybersecurity are making a positive impact and delivering the desired improvements in cybersecurity posture and risk reduction.

This section focuses on honing your cybersecurity message and learning how to communicate the value of your program. While focusing on these important tasks, be sure to work on yourself as well. Leaders must continue to learn and develop their knowledge and skills. Maintaining your physical health and always seeking to give your best effort in all you do are crucial as well.

True leaders never give less than their best.

Looking for a Trusted Partner That’s Been Where You Are?

As a team of highly skilled cybersecurity professionals with years of security leadership experience, LBMC Information Security is here to help. If you’re looking for a partner who will listen and can help you take significant steps towards achieving your key objectives, contact us today. You can also explore our Security Consulting services to learn more about the various ways we can help you with any aspect of your information security program.