In episode 4 of our Security Leaders Perspectives series, cybersecurity leaders describe the qualities they think differentiate a “good” security leader from an “outstanding” one.
Know Your Stuff – Chris Carlson
“Domain knowledge and the ability to differentiate between a true expert and someone who’s great at projecting self-confidence”
Leaders are responsible for making the right calls at the right moment. This requires knowledge of their field and the ability to identify that knowledge in others to make sure that they are listening to advice from the right people.
Build for the Future – Larry Trittschuh
“Build a program that’s sustainable and long-lasting.”
Right now, security is often driven by the people in charge, and the tenure of security leaders is often short. An “outstanding” security leader is one that can build a program that endures after they move on to the next opportunity.
Break It Down – Max Tumarinson
“Tell a story. Break things down into business terms for all to understand.”
Security leaders are part of a team, and many of these team members don’t have a security background. A security leader should be able to convey technical concepts in ways that people with other backgrounds – such as business – can understand.
Speak Their Language – Charles Blauner
“Be ‘multilingual’ – be a ‘translator’”
Everyone within an organization has their own frame of reference through which they view the business. An effective security leader is one who can explain security concepts in a way that fits within the listener’s worldview and frame of reference.
Be Well-Rounded – Leon Ravenna
“Tech skills and soft skills.”
Often, the cybersecurity field focuses on technical skills, which influence how well someone can do their job. However, the soft skills are what determine how well that person can operate as part of a team, which is vital for a leader.
Push the Envelope – Aric Perminter
“They don’t take no for an answer, and they leverage everything within their tool belt in order to solve the problem.”
Instead of just continuing on with the status quo, an outstanding security leader pushes the envelope beyond the norm. This curiosity and passion enables them to find a better solution to the problems that they face and encourages their team to embrace their own curiosity and ingenuity.
Security Supports the Business – Charles Blauner
“Be as secure as possible in support of a business objective.”
Security is part of the business and needs to support the goals of the business. It is better to be as secure as possible while pursuing business objectives than completely secure and bankrupt.
Build Bridges, Not Walls – Benjamin Corll
“Combine tech and business – be seen as a business partner.”
It’s important to understand where the business is heading. When someone comes to you and says “this is what we need to do”, don’t just say “no”. Say, “this is how we’re going to get there”.
Be Collaborative and Approachable – Leon Ravenna
“Make a deliberate approach to be approachable.”
Security people have a reputation for always saying no. Make a deliberate effort to be collaborative, approachable, and build relationships. This way, when you have to say no, it’s softened and doesn’t ruin your relationships with your teammates.
Take Time to Explain – Benjamin Corll
“Relate to people, explain things.”
Many people don’t understand security, and a security leaders’ “yeses” and “nos” may not make sense without context. Taking the time to explain decisions to people builds understanding, trust in your decisions, and security awareness throughout the business.
Learn From Failure – Tim Tillman
“The people who admit that they have had a breach, but they learned from it, admit that they have made mistakes but they’ve learned from it, or who admit that they don’t know everything.”
Anyone can be breached, and never having experienced a breach doesn’t make you a great security leader. A great security leader is the one who learns from experience and is always looking for ways to prevent the next breach.