In the cybersecurity landscape, it’s easy to label those in leadership positions as technical folks. Technical aptitude and expertise do matter in the field. However, cyber leadership in today’s climate has evolved to become a multifaceted role that requires communication, collaboration, and creativity.
As a result of the many factors impacting cybersecurity, from talent shortages to an increasingly sophisticated hacker network, organizations must rethink what cybersecurity leadership means. That question is pertinent today and to what will come tomorrow.
In this post, we’ll cover the maturity and changes present in cybersecurity leadership, areas in need of attention, and how those leading these efforts can create a healthy and thriving culture.
Is Cybersecurity Leadership Getting the Standing It Should?
It’s a fair question with many answers. Often, enterprises treat cybersecurity as a back-office part of a company. They don’t want to call too much attention to it internally or externally. The C-suite wants to quell any concerns about being cyber secure, but they don’t want to know the details.
This is a key problem, and it leads to greater risk. Cybersecurity deserves a seat at the leadership table. Without this visibility, risk seems abstract. Cyber leaders have to convey the threat landscape as something real and imminent.
These threats will only grow as the business does. Many areas of emphasis related to business objectives must have security in mind. Digital transformation initiatives, for instance, focus on modernization, agility, and automation. They all have a cybersecurity component. Additionally, the amount of data companies generate, collect, use, and store is massive. It’s the new fuel for companies to innovate and be more data-driven in decision-making. Unfortunately, it’s also very appealing to cybercriminals.
So, the first part of rethinking cyber leadership is ensuring they have a voice. Involving cybersecurity early and often in strategic plans is a must. For an organization to succeed here, it can’t be an afterthought.
Once they have a seat, maintaining attention means escaping the stereotype that cyber leaders only have technical aptitudes.
Cyber Leaders Must Have an Array of Skills to Shift Organizations into Cyber Resilience
Historically, many organizations have treated cyber leaders like CISOs (Chief Information Security Officers) as technical resources. They’ve never expected more, but they should. Those in these positions need a hard skill foundation, but there’s much more to winning the cybersecurity war than these abilities.
CISOs have the responsibility of securing a business. It’s a tall order that can’t be met with technical proficiency alone. They must make strategic decisions about business models, digitization, resources (human and technology), accessibility, network infrastructure, compliance, and more. These determinations don’t occur in a vacuum. Many stakeholders need to provide insights and recommendations. Gathering this intel, working through challenges, and creating value come from mastering soft skills.
Having these attributes isn’t always easy for cyber leaders. It’s a continuous journey of developing these skills. An open, flexible mindset is imperative. When those at this level have a well-rounded skill set, an organization can operate more intently and proactively regarding cyber threats.
Here are some ways that cyber leaders can use their entire range of skills to keep their organization secure:
- Develop a cybersecurity strategy that’s more than technical. The foundation for cybersecurity is a good strategy. However, it can’t be solely technical in nature. It needs to align with business objectives and account for every kind of risk. The business context will typically drive what to prioritize. You may deal with competing priorities from different lines of business. Thus, you’ll need to be an active listener in hearing from these folks and then use transparent communication to convey your best course.
- Ensure cybersecurity always has influence. Anything dealing with data, network, and application security needs your expertise. Your influence should extend across the enterprise to ensure a security-first approach. Some groups may see your role as one that inhibits innovation. It’s another misconception you’ll need to correct. The real issue is when no one invites cybersecurity to the discussion until much later.
- Be a storyteller. When interacting with other leaders in a company, cybersecurity heads have to evolve from technical presenters. It’s not just “Here are the facts, and this is why we’re right.” That doesn’t go very far in getting consensus and buy-in. When you get the opportunity to inject your expertise, talk to people on a human level rather than a technical one. Adjusting how you communicate will help people connect the dots on the business side. They won’t see you as someone here to spoil all their plans but as a partner invested in their success.
- Use conflict management skills to fight friction and tension. Cybersecurity is a serious business. Suffering a breach or attack has monetary and reputational consequences. Business leaders get that but rarely agree on how much money and resources should be allocated. There will also be disagreements about how to weave cybersecurity into the company’s digital footprint. Thus, there will be lots of negotiations, and they may be hostile at times. Cyber leaders must become good at conflict management and diplomacy to get everyone on the same page.
- Build a team that will follow your lead in honing people skills. Another area of responsibility is the staff you manage and develop. As noted, cybersecurity has a significant talent gap, with many open positions available and growing. Recruiting the right people and keeping them is critical for your role as a leader. You need a team that will be able to communicate and collaborate. When you assemble this group that encompasses hard and soft skills, you’ll be able to do much more to influence and cultivate a healthy cyber culture.
So, how can you improve your own soft skills and those of your team to help you navigate cybersecurity’s future? The Secure Methodology™ can help.
The Secure Methodology Supports and Empowers Cyber Leaders
The Secure Methodology is a seven-step framework that transforms technical folks into communicators and collaborators. I developed it as a way for companies to develop their people in a way that would drive growth for individuals, teams, and businesses. It can be an excellent guide for empowerment and support. Here’s a quick preview of its pillars:
- Awareness. Cyber professionals often lack understanding of themselves and others, and that causes conflict and obstacles to progress. Helping them move toward awareness widens their perspectives, which is crucial for organizations as they improve cybersecurity processes, policies, and strategies.
- Mindset. Enabling people to grow from a fixed to a growth mindset ensures they consider the future and how to tackle emerging threats. This is so key for cyber leaders and teams to grasp. There’s no communication, collaboration, or innovation when the mindset is closed. Instead, cybersecurity operates in a silo, never changing or adapting. It creates much frustration on the business side and accelerates risk. Shifting mindset isn’t easy. With a commitment to it and by following the exercises, you can begin to see real change here.
- Acknowledgment. As a cyber leader, you have ultimate control over this. It starts with how you treat your employees when they do something right and something wrong. Appreciation for when they perform well and win over cybercriminals should be consistent and frequent. When they receive this positive response, they feel they are part of something, and the need to adapt their perspectives seems less scary. Accountability for bad performance or mistakes is important, too, but this should happen in private. It should involve going through the issue and determining what went wrong so there isn’t a repeat of this.
- Communication. Being a great communicator and encouraging this in your staff is the number one people skill to have. When communication is transparent, honest, and free of jargon, there’s no ambiguity. Speaking inclusively within the team and outside of it sets you up to be a strong leader for the enterprise. Practice this every day with your team.
- Monotasking. In monotasking, a worker focuses on one task, and it’s something rarely used in any role. Most think we should all be multitasking, but that misconception leads to errors and mistakes. Concentration matters, and this is something to champion for yourself, your team, and the entire enterprise.
- Empathy. Cognitive empathy means you understand another’s feelings and perspective. While it seems pretty basic, it’s not as prevalent as we would like. When your cyber team does act with this in mind, it supports awareness, mindset, and communication. Encouraging an empathetic culture will be crucial to growth and evolution.
- Kaizen. This Japanese term means “continuous improvement,” and any cyber leader will flourish with this perspective. Making it part of your philosophy will ensure the continued progression of cyber leadership as a key to a company’s future success.
The Secure Methodology is an agent of change. Change is the hardest part of any job, but it’s necessary in cybersecurity because of the dynamic nature of the field. By applying it to your cybersecurity culture, you can impact how the enterprise views you and the influence you have. You can learn more about it by reading my book, The Smartest Person in the Room.