Being a leader is not an easy task, regardless of the industry. Quite frequently people in the cyber security industry are promoted up from technical positions and are left to "figure it out." The principles you follow will largely be your own; they are extremely personal to you. If you're seeking a set of principles to model what others have done, then you're in luck, continue reading! This post aims to deliver a set of principles for cyber security leaders and influencers.
1. Mission above self
There will be many opportunities to advance yourself professionally if you do a good job, sometimes even when you don't do a good job. In those latter cases is when things will typically come back to haunt you, your reputation will take a hit, and it will be difficult to recover. Many of us got into this field to make a difference and help protect people, data, systems, and organizations, so it's imperative that we put that greater sense of mission above short-term personal gain. The gain will come when the mission is a success.
2. Invest in your people, and it will pay dividends
As a leader, you cannot succeed without your people. People might be those who report directly to you or those you must influence. By investing in other people's success you build trust and their success often leads to your success, or at least there is a spillover effect. Sadly I've met too many people in my career who would rather take the credit for a project they only minimally worked on, hoard all of the most visible work for themselves, keep critical knowledge in their heads and on their laptops only. Don't be one of those people. When your people are successful, it will frequently pay dividends.
3. Seek and embrace feedback
Leaders should never presume that because they have a certain title or have a certain number on their paystubs relative to others that their ideas and approaches are superior. Actively seek out feedback from everyone around you so that you can figure out what you're doing well and where you need to change and grow. Seeking out feedback is not enough though, you must also act on that feedback to make sure that it keeps coming. If you don't act then they run the risk of feeling like a broken record and in the future, they won't bother.
4. Keep your composure in times of stress
Losing your head and breaking down during times of stress (and there will likely be many as a cyber security leader) is a surefire way to signal to others that you aren't thinking clearly when things get tough. You might be going through an incident, dealing with negotiation, or trying to convince a stubborn team that vulnerability is worth patching sooner rather than later then you're in a spotlight. If you find yourself getting emotional and acting without much forethought in these situations, then you need to find a way to regain composure. Napoleon once said, "if you do not conquer self, you will be conquered by self."
5. Prepare contingencies
Things will go wrong at some point in your career. This turning point might be a data breach; it might be a botched project, a poor hire, or a mistake on your part. To set yourself up for success when things get stressful it's useful to know what you're going to do when things go wrong. Your contingency can be as complex as a full incident response plan with detailed operating procedures or as simple as a checklist to run through. Contingency planning will help you maintain composure in tough situations because you've already thought through the scenario, you know what to do, now you just need to stay cool and execute.
6. Prioritize and execute
It's challenging to work with a leader who cannot prioritize what work needs to be done, which fire is the biggest, what happens when something unexpected inevitably comes up. The way and the things you prioritize will depend on you and your organization, your context, your goals; so I can't tell you what to prioritize. The important thing is that you have a process in place for how you prioritize the many different things that are happening and bound to happen and then you execute on them.
7. Never stop learning
This principle ties into principle number 3 on feedback but you should always be learning, both of yourself and anything else you can to expand your perspective, improve your technique, etc. You don't always have to read or learn from other cyber security professionals, trying to find ways to study outside of your field and then bring lessons back can be a tremendously useful strategy. The important thing is that you don't allow yourself to stagnate, remain a student of the world around you and most importantly, of yourself.
Adjusting to a role as a security leader can be challenging amidst all of the new responsibilities, technical, business, and people related. If you find yourself needing a sounding board, a coach, a helping hand to work through these challenges and win, hit that subscribe now button below to sign up for 1:1 monthly coaching sessions.
Identifying and naming the principles that you want to follow as a leader is important as you get started. The principles above are here as a framework, a starting point, only. You may find that some of them don't work for your personality and that's OK, in my experience working with leaders in this field however, you will be hard pressed to go off course following this path.