5 leadership principles for the Cybersecurity professional

An opinion piece by M.K. Palmore, Field Chief Security Officer at Palo Alto Networks

Leadership is at the core of all success and failure in business. During a time of crisis, the critical strengths of leaders, such as compassion and agility, are pushed front and center for all to see. Some organizations will thrive while others will struggle and much of it is based on the decisions and actions of leaders.

Every organization needs good leaders, especially when things get tough. So, it’s important to keep developing your own skills as a leader, as well as grooming the next generation of leaders.

In cybersecurity, it’s not uncommon for technologists to manage teams. I have been lucky to work for technologists who not only have a good perspective on leadership but can practice what they preach.

However, the more common refrain is that technologists understand technology but not people, that they tend to be technically competent but lack the social and emotional skills required for effective leadership.

This presents a challenge in cybersecurity. As a field that demands specific knowledge and deep expertise, technologists are the natural choice when it comes to leadership. For non-technologists, it might seem daunting and they can feel overrun by the complexity of constant technological advances.

But here’s the funny thing about leadership — if you give me a skilled leader I could put him or her in charge in nearly any scenario and the outcome would likely be promising. A skilled leader knows how to motivate a team, inspire people, solve problems, delegate tasks, and be the captain of the ship providing confidence and a sense of community.

Of course, domain-specific expertise still matters. In leading people with technical skills, they need to know that you have a grasp of the concepts before they will accept your vision and strategy. That part falls on you. In addition to evolving your leadership capabilities, you must pay attention to honing your technical skills.

Leaders are not born. They are forged through deep experience and have two overriding characteristics: They are consistently self-aware, and always seeking to improve their skills in leading people.

For technologists seeking to become better leaders, or non-technologists seeking to lead better in cybersecurity (or a related technical field), I want to share five broadly applicable principles that have guided me through the years. Keep these in mind when you get a group of high performers waiting to be led:

1. Let your eagles fly

Good leaders recognize exceptional talent quickly. These eagles are normally well regarded by others and quickly prove their value and usefulness to the team. Once you have these one or two folks identified, share your overall strategy and vision and then let them do what they do. Eagles rarely require intervention and direction. Once imbued with the strategic vision of the leader they typically forge ahead and bring a lot of value to the team. Leaders can get hung up on methods. Don’t! The worst thing you can do is attempt to impose your methods on someone else. It worked for you; maybe you are an eagle yourself. You’ve achieved some level of success because your prior leaders trusted you to do what was needed to succeed. More often than not, you did just that. Don’t attempt to corral your eagles. They are talented and capable. Their success will bring light to the team’s vision.

2. Prepare your team for your eventual departure

I am a student of leadership. One of the principles drilled into me early was that one of the best things you can do shortly after your arrival is to begin preparing your team for your eventual departure. It’s counterintuitive but serves your team in the best way possible by taking on the multi-disciplinary role of both leader and teacher. It can be done, especially as you begin to see members of your team clearly show their potential for future leadership opportunities.

3. Train your workforce

The cybersecurity field will keep changing at a rapid pace. Technology and innovation are not waiting for the information security teams to take great leaps. Keeping your workforce trained on contemporary and bleeding edge technologies and developments will ensure the readiness of your team and the individuals, who might be ready to tackle different challenges outside of your team.

4. Actively look to diversify your team

Diversity is the buzz word here in Silicon Valley. There has been study after study and observations abound about the lack of diversity in the technology and cybersecurity realms. How many times have we seen splashy headlines of diversity hires only to see those folks leave an organization a year or two after a very public hire. We need to do better and simply get this right. There’s a saying in business circles that which gets measured gets done. Time to apply this simple mantra to the hiring of a diverse workforce. The growing complexity of cybersecurity demands that we create a workforce highly capable and ready to tackle future challenges. A diverse team means you’ll have diverse ideas. It’s all hands on deck. Let’s start acting like it.

5. Communicate on a regular basis

It shouldn’t take a crisis to drive home the need to level up the amount of communication we do with our teams. If you are not speaking to your teams weekly or bi-weekly in the current environment, then you are not likely in touch. Communication has always served as the life blood of team connectivity and now more than ever staying in touch with our people and simply being available are really the most important thing you can be doing. Jump on the Zoom or Google Meets and touch base with your team right now!

Five principles will not cover all of your bases, but it’s a great place to start. Being a student of leadership means constantly sharpening your tools. Get after it … and become a stronger leader!