January 2023 Blog

Cybersecurity and Leadership – Lessons Learned

As we launch into 2023, I am reminded of some exemplary leaders that I had the privilege of working with over the almost 39 years of my professional career. If you are in a pensive mood, as one often is, you ask yourself ‘What Have I Learned and What can I do Better?’. Remembering those leaders at the various respected companies that I worked for calls to mind some very good lessons learned and wisdom which, I think, can be applied to the cybersecurity industry.

Trust and Empathy – I remember when I was a very junior project manager at CAE in the 1980s, one of our most respected Vice Presidents, the affable and wise David Tait (RIP) once said to me ‘we trust you and we will not crucify you if you make a mistake – just try not to make it twice’. His mantra was ‘No Heroes, No Villains’; in other words, if you do something positive, well, that’s why we hired you isn’t it, so don’t go around snapping your suspenders telling folks how smart you are. If you mess up, well, please make it a learning experience. At the base of that corporate culture was trust and empathy. The trust that folks would do their best and learn from mistakes and the empathy to see in each employee a real person with potential to learn and grow. In the context of cybersecurity leadership, we are called upon to do our jobs, in a partnership with our customers, to the best of our abilities and always act with a duty of care, trust and empathy as they have entrusted us with their cybersecurity wellbeing and rely on us to help them. Sometimes, we must protect them from themselves, and that is a hard thing to do.

Integrity and Courage – One time, very early in my career at CAE, I was in a situation where I made a mistake, and it was called out in a quite public way in a meeting. Rather than immediately own it, I tried to argue and make excuses. My boss and dear friend Barry Taylor showed me how to take ownership of a mistake and he helped me learn the hard lesson that a leader has integrity and courage and always owns his actions. Being unwilling to admit an error is a huge problem – both on a personal level as a character flaw and on an organizational level, as lack of accountability can have severe repercussions on any company. In the cybersecurity context, it is the ability to not only do the right thing, but also the importance of integrity and courage in telling the truth and facing the consequences. Sometimes, the truth is hard to accept and even harder to tell a customer. But we must tell customers our honest opinions and recommendations and overcome the temptation to downplay a problem.

There are, of course, many other leadership qualities such as humility, gratitude, and competence, and each of these is important in its own right in the cybersecurity industry. In my experience in the context of doing business over a long period of time, I would say that Trust, Empathy, Integrity, and Courage are the foundational core qualities that leaders must possess. If they can combine with these core attributes Humility, Gratitude, and Competence, then they are truly outstanding leaders.