Many readers of Enterprise Security are focusing on technical topics to increase knowledge and gain expertise. There is also an opportunity, and need, for those same individuals to learn about leadership. Many cybersecurity technicians are being asked for input and participation on a wider level in their organization, yet they lack the skills to effectively help their organization, and career, move forward.
Let’s spend a few minutes looking at some of the essentials of leadership for cybersecurity professionals. During this exploration, we will also look at a couple of key leadership principles that are important for everyone to know.
The best way to begin is to look at how effective cybersecurity leaders are leading and determine the key characteristics of those leaders. In August of 2019, SecurityIntelligence. com published this data. In the article titled “The Many Dimensions of Effective CISO Leaders” https:// securityintelligence.com/articles/ the-many-dimensions-of-effective-ciso-leaders/ they identified 5 characteristics of successful CISOs (Table 1). While everyone may not aspire to reach the CISO level, studying this level of leadership will help anyone gain essential forward-movement techniques.
There are several key takeaways from this study. First, CISOs are expected to have high strategic leadership qualities, followed by strong communication skills and relationship building capabilities. Notice that Technical skills lagged behind the skills often characterized as “soft skills”. An effective CISO needs to have a strong set of interpersonal skills, in addition to technical skills, in order to be an effective leader.
By delving even further into this phenomenon, the need to establish a clear vision becomes paramount. That vision incorporates both a vision for the Cybersecurity Program, and a vision for how Cybersecurity can be an enabler of business, not an inhibitor. The CISO has to be part of the department of K-NO-W, not the department of N-O. This is where many Cybersecurity leaders fail.
Cybersecurity leaders must think more like risk managers, acknowledging that some amount of risk is essential to keep business moving forward. If Cybersecurity says “NO” too frequently, the business leaders will stop asking for input and end-run the security program to get something out the door. The key is for the Cybersecurity leader to become a Trusted Advisor instead of a Subject Matter Expert (SME).
The Subject Matter Expert is invited to the leadership table for the 10-15 minutes that executives want an SME. Then they are dismissed to go back to work, rather than being invited to stay and help make decisions. On the other hand, Trusted Advisors are invited for the entire decision-making process. Effective Enterprise Cybersecurity leaders move from being the SME to a Trusted Advisor through applying specific leadership principles.
What are the key forward-movement leadership principles to become a Cybersecurity Trusted Advisor? The answer is largely found in the skills in Table 1. Building those skills will result in becoming a Strategist, Effective Communicator, Builder of Strong Business Relationships, Implementer of Risk Management and Developer of a strong Cybersecurity Culture throughout the organization. These are the skills that are required of a Cybersecurity TrustedAdvisor.
There is one fundamental skill often overlooked by Cybersecurity Leaders. This skill is seen as critical in business leadership material, yet has not been widely promoted in Cybersecurity. Emotional Intelligence, sometimes abbreviated EI or EQ, incorporates awareness of one’s emotions and interpersonal relationships. Emotional Intelligence is often divided up into 5 categories: Self-Awareness, Self-Regulation, Motivation, Empathy and Social Skills. It is beyond the scope of this article to cover this topic in depth, but Empathy and Self-Awareness are two that most Cybersecurity professionals would do well to study to improve their likelihood of success in a leadership position.
Most successful Cybersecurity professionals have developed a “life-long-learner” mindset toward technical skills. However, as we see in Table 1, that is only a small portion of what determines success at the highest levels. Those who desire a stronger leadership posture within their organization must also embark upon a journey of Personal Leadership Growth. At some point in their career, learning about Emotional Intelligence, discovering and developing individual strengths must also follow.
This is exactly what most companies are looking for with their individual contributors. As a Cybersecurity beginner, the above skills are great first steps to success. However, as previously stated, this won’t achieve the highest levels of leadership. A journey of self-exploration and discovery around Emotional Intelligence is necessary to continue forward movement.
Commit to being a Cybersecurity Trusted Advisor who solves problems and promotes forward movement in their company and career!