21 Mar 2017



21 Mar 2017


I was listening again this week to the Down the Rabbit Hole weekly podcast . There have been a couple of recurring themes of late; leaders in the technology world and skills shortages. I have no doubt they are connected subjects. IT is no longer a supporting function but a core part of any organisation, there are very few companies that could continue to operate without Internet connectivity and networked computers.

Why do we need great leaders in technology and cyber security? As a community if we don’t we will not have a voice in the boardroom and we will not develop from where we currently are. We won’t be able to influence change or deal with cyber security issues strategically through long-term objectives and planning. It also means we will not be able to ensure that continuity planning is covered for the areas that are important to us, such as spotting, developing and encouraging young talent. Getting them to consider cyber security as a great career choice.

As a leader, whether you are a CISO, manager, team lead, or aspire to be leader in the future, you also act as a figurehead, somebody others can look up to and aspire to be. A point, brought out in the podcast, is that a leader is not necessarily the most senior person or the individual with the most experience. It’s not someone who is a “technical expert with a team”. They are the kind of person that attract bright people and inspire others. The person they spoke about on the podcast was Richard Branson, a person who has been successful in a number of industries.

Here are some of the points that immediately came to mind when I thought of what a leader is, this was gained through my experience of 25 years in law enforcement:

  • Being a mentor to others (as well as ensuring being mentored yourself)
  • Making good decisions and where possible avoid bad ones, but being given and give others permission to fail, in order to encourage innovation and growth
  • Taking time to grow your knowledge, experience and capabilities, which applies to all not just a leader
  • Always accepting and seeking feedback (360 feedback works well)
  • Leading by example
  • Ensuring constant two way communication with your staff, your peers and seniors, including delivering the difficult messages directly
  • Actively listen to the other person, give them time to make their point and air their grievances
  • Be open and honest in order to build mutual trust and respect
  • Create a culture of openness where staff are encouraged to challenge, also encouraged not only to identify the problems but to help find and deliver the solutions to the problems they discover
  • Seek out those who are willing to learn, challenge and motivate them and allow them opportunities to develop outside their role to help them grow. Especially with those who have initiative, have a passion for technology, but also those who have an analytical mind set, who can ingest and distil information
  • Prioritise your tasks, do what is important and needs resolution now. Don’t necessarily start each day emptying your inbox or answering emails
  • Set milestones and constantly review tasks, activities and projects, also understand what success looks like and when you achieve it
  • Establish if you are the right person to deal with the problem and identify if there are other parts of your organisation, or beyond, that might help making informed decisions or deal with the issue, technology may not always be the answer to the problem
  • Encourage your staff to take on your functions or grow in to your role, work yourself out of a job, encourage talent, train for the future and grow the staff in your organisation, build a pipeline
  • Take time out for yourself i.e. get a hobby

What do good leaders achieve for their business:

  • Identifies what the problem is we are trying to resolve and concentrates on that issue
  • Identifies the solution to problems, understands the value of that solution to the business (ROI) and sets measurements to help understand if that product is delivering against the problem
  • Sets and codifies the mission and constantly encourages their teams to do the same, empowering individuals to act
  • Understanding risk and what it means to your organisation
  • Recognises and praises success, it increases engagement
  • Ensures lessons learnt are captured and propagated across your organisation and community
  • Understands the business and its culture in order to deliver against the objectives within that environment, “you can’t deliver cyber security in a vacuum”
  • Understands the questions the board needs answering and presents them with responses that helps them to make the right or better decisions, in a language that they understand

When considering risk the model I am most familiar with is that used by UK law enforcement officers College of Policing . The model they use is the “National Decision Model”, full details can be found if you click here.

From the model the recommended questions we need to ask when dealing with risk and develop a working strategy are:

  • Do I need to take action immediately?
  • Do I need to seek more information?
  • What could go wrong (and what could go well)?
  • What is causing the situation?
  • How probable is the risk of harm?
  • How serious would it be?
  • Is that level of risk acceptable?
  • Is this a situation for us alone to deal with?
  • Am I the appropriate person to deal with this?
  • What am I trying to achieve?
  • Will my action resolve the situation?

In the podcast they said “leadership is a craft in itself”, the principals can be taught, but it needs nurturing and practice. A CISO also needs the technical understanding to deliver against the role. Adding the two together creates a unique individual who adds great value to any organisation.

“Tell me and I forget, teach me and I remember, involve me and I learn”– Benjamin Franklin

Xanadata is a data analytics company, specialising in building systems that analyse data at extreme throughputs addressing markets such as cyber security, e-discovery and BI analytics. It develops and builds custom hardware and software to allow organisations to rapidly identify vulnerabilities, threats and risks caused by systems connecting to the Internet. Contact us to understand how Xanadata’s products and services can help you to understand the threats and vulnerabilities impacting your business today.

Original blog written by Kevin Williams for Team Cymru. Blog reproduced, in part, with thanks to Team Cymru:

Leave a comment
More Posts