10 Insights for Playing “Follow the (Security) Leader”

Many books talk about various dimensions of leadership extracted from the experiences of fortunate individuals that have managed to work their way into the executive ranks of their respective organizations. There are many good security managers in this field, as this is a field that attracts those willing to make tough decisions, manage the latest crisis, and many times take an unpopular stand on an issue. Security managers may be viewed as putting up roadblocks that may add extra time, while operating in this generation of point-click-gotta-have-it-now mentality.

But, is being a good security manager the same as that of being a good leader? Managers are responsible for determining the projects and tasks which must be accomplished, assigning resources, and monitoring that quality deliverables are being produced. Management ranks are filled with individuals who are capable of performing these tasks; however, true leaders that inspire the organization to greater success remain fewer. As Michael Corby and Vaune Carr illustrate in their chapter entitled Security Leadership in the new book on security leadership published by ISC2 entitled, “CISO Leadership: Essential Principles for Success“, leaders discover that their causal phrases become part of the language of the organization without any apparent effort on their part. People take notice of their actions, the shadow they cast, and their viewpoints on various issues. In contrast, managers may be recognized for their ability to complete projects, however true leaders are usually noticed for their ability to make visible changes happen. In the short term, those leading security can get by with the critical managerial skills, but in the long term, successful security programs depend upon the seemingly little, insignificant day-to-day actions that leaders perform to inspire others to want to follow. Here are a few observations of activities which separate the security leaders from the managers.

1. Chicken Little

We have all heard it before, Fear Uncertainty and Doubt strategies have short-term payoffs, but cause long term loss of credibility with the security program. The difference between the security manager and the leader is that leaders are perennial optimists and view the “bad news” communicated by security managers as an opportunity to develop solutions to add new business benefits. Leaders demonstrate the ability to stay focused and not panic, which yields near-term solutions that are achievable, practical and realistic.

2. Leaders Find Leaders

Different organizations such as the Chamber of Commerce, Young Professional organizations, and others committed to bring leaders together are good places to learn leadership from others. These settings are usually made up of warm, friendly, approachable individuals that have a common desire to enhance their own skills.

3. Tell a Story

Leaders entertain others. Why is this important? People like to listen to stories and are much more likely to listen to a security presentation if it is turned into an interesting story. Stories capture our attention while providing the same mundane information in an interesting way. People would rather hear about a local news story of a bizarre security breach that actually happened in their community, than a word-for-word reciting of the requirements of California Senate Bill 1386 regarding the reporting of security incidents. For example, illustrating the recent event of an individual dressed as a maintenance worker, who walked into a Milwaukee, Wisconsin Veteran’s Administration facility and removed a 52inch flat screen TV from the wall, as people walked by and ignored his activity, is more likely to generate a lasting impression that discussing a law on security incidents!

4. Passion – Are You Having Fun?

Figure out what you love and get paid for it. Work is only work if what is being worked on feels like drudgery and everything seems like an endless chore. The leader should be having fun and experiencing the “zone moments”, where time just floats by because of the flow experience. The leader’s switch is always in the “on” position and the downtime “off” position is rarely seen by others. Each one of us has a gift, a purpose, a passion that excites our inner core. Managers tend to get through the day organizing their lives; leaders get through by connecting with their passion and enjoying the ride.

5. Create the Setting to Succeed

As Steven Covey describes so well in his book, “The 7 Habits of Highly Effective People”, leaders begin with the end in mind. Security leaders that take the time to describe the end result and formulate the action steps necessary to achieve the end-state goal have a greater chance of obtaining the organization’s resources that those that are driven by reactive projects without clear goals. People supporting the project want to get to this end state because they see the passion of the leader and can see the roadmap through the action steps to achieve the vision. As success is celebrated after achieving these goals, more people are drawn to the future initiatives of the leader.

6. Assume the Right Conditions Exist For Your Project

Planning projects in advance under the assumption that the conditions will be right, prepares the security leader strategically for when the opportunities do appear. This positions the security leader as a forward thinker.

7. Steadfastly Accept Challenges, Overcome Fear of Failure

Many times our perfectionist tendencies or our desire to project a positive image causes us to not try new ideas or work on projects where we do not have all the details. The secret truth is, no one does! Teams are critical for success because of this reason, as no one can know everything. Accepting challenges helps to overcome the fear of failure, by continuously achieving incremental successes. Most of the real learning that we obtain from work and life is based upon our experiences, and primarily, our failures.

8. Communicate Goals Concisely

Goals need to be specific to be effective and small enough to be manageable and attainable. Large projects should be broken down into smaller goals.

9. Security Leaders Are Good Business Leaders

Business leaders understand the big organizational picture, weigh risks, prioritize projects, examine the overall architecture and develop real, cost-effective solutions. Security leaders are also strategic, constantly looking out on the horizon for the next threat and opportunity.

10. Know When It Is Time To Go

The term “Jump the Shark” was coined after the Happy Days episode where Fonzi jumped his water skis over a shark. This unbelievable event made the Fonzi character laughable and unbelievable from that point forward. Recovery is very difficult after an event like this. We can point to numerous recent events in the news where single missteps by well-respected leaders resulted in their resignations. Good leaders know when it is time to move on to somewhere else where they can utilize the skills which brought them previous successes and have, unknowingly, prepared them for future opportunities.

Security leadership is not easy since it requires the tough-mindedness to know what battles to fight, the necessary resources to turn strategies into value-added deliverables, enlisting and empowering others to join the security initiative, and the experience to be able to effectively navigate the organization. Security Leaders are aware of the shadow they cast, and attempt to genuinely inspire the organization through the little things, which turn into others passionately following them to achieve… big things.

Post a Comment

Your email is never published nor shared. Required fields are marked *