lead (v.1)
“to guide,” Old English lædan (transitive) “cause to go with oneself; march at the head of, go before as a guide, accompany and show the way; carry on; sprout forth, bring forth; pass (one’s life),” causative of liðan “to travel,” from Proto-Germanic *laidjanan(source also of Old Saxon lithan, Old Norse liða “to go,” Old High German ga-lidan “to travel,” Gothic ga-leiþan “to go”), from PIE *leit- (2) “to go forth.”

www[.]etymonline[.]com

THE JOURNEY

Security leadership, or any form of leadership, is an endless and continuous journey. It is not something you do once or fully accomplish by acing your performance in one single moment, like outperforming that final boss in a video game. Leadership doesn’t work that way.

Security leadership as I see it and how I will explain it in my articles about the subject is less about technical security skills or domain expertise. Sure, it is about leadership skills, and a security leader for sure needs foundational knowledge of the domain he/she is a leader in, i.e. Security.

Security leadership is less about being the best at a certain security subject or domain. But knowing a thing or two about security, in a security leadership role will for sure be helpful.

Security leadership is about the capabilities and skills you need to have as a leader to make yourself, your team, and your organization successful. To guide and coach others to grow. To lead. It is less about you and primarily about those who you lead.

Your journey to become a leader will most certainly put you up for situations where you need to grow through change. The change may be big or small. You or those around you might feel the change you are making. And I think that it is a good move to be prepared for that changes may cause some sort of form of a feeling. And there is nothing wrong with it. Just be prepared for it. It can be a good move to inform those around you that you going through your journey, for example, a leadership development program.

No one ever said that leadership is easy. But it becomes as easy or hard as you make the journey. Accept that you might be tested from time to time and need to take yourself through uncomfortable situations, thoughts, scenarios etcetera. Don’t be too hard on yourself, there is no need to make this journey to a performance or measure yourself against someone else or another leader. Try to find joy and relaxation in your leadership journey. There is no need to rush it or force the pace of it. The journey is about you. And it is a lifelong one if you choose to become a leader. The sooner you start to accept this fact the easier the journey will become.

THE CREATION

Security leadership is something that can operate on different levels and contexts. A CISO is not the one and only role where security leadership is applied in practice, this is just one of many roles. Security Directors & Managers, Functional Managers & Leaders, Architects, SOC Leads, and Risk Managers are a couple of examples where security leadership is needed.

But the thing here is, everyone might not want to take on that journey. Everyone might not choose to or want to become a leader. And this is totally fine. Leadership is not something everyone is into or finds interesting exactly like many other things in life. And the truth is that the majority of humans prefer to follow and not take the lead. This is just how it is and there is absolutely nothing wrong with this truth or being more comfortable with following or not enjoying leading.

The first thing you need to do, if you want to become a security leader is to choose to become a leader. Yes, this is a choice you need to make. As I said, the majority of humans rather follow. If you make the decision to become a leader, this means that now the journey and creation begins. If you do not choose to be a leader you cannot create the form of a leader of yourself that you want to become. Leadership starts with you and within you. It is not something that will come as a package with a title or role. Being a leader is not the same thing as being put in the spot or role where you need to lead. Take a second a think about this sentence once again.

From my personal point of view, security leadership (or any other form of leadership) can be conceptualized according to the below model.

As I mentioned earlier, security leadership starts with you. If you can not lead yourself you will not be able to lead someone else. Before you can take on the responsibility to lead individuals or teams, you need to be able to lead yourself. This is self-leadership. You need to have your own shit together, being able to direct and operate yourself in such a way that is taking you in the direction needed to reach your own goals and vision whatever they are. Before going out there and leading others you need to be able to demonstrate self-leadership. This is the first step in your personal journey and the creation of a security leader.

The model illustrated has as its purpose to conceptualize the relationship between leadership skills vs security skills. Both skill stacks are needed but they are weighted a bit differently depending on the circumstances you are a leader in. Think about it this way: As you become a leader who leads larger and larger teams, organizations, and other leaders your true power and capabilities as a security leader come from how well you will be able to tap into the collective strengths to achieve your desired goals. You as a leader are not supposed to have all the answers to the questions or know how things are done in detail. You will be less dependent on your personal security skills and more dependent on your leadership skills to enable the collective strengths of your team’s skills.

Your role is to make sure that those you lead and are around you have the necessary resources accessible to accomplish the goal. Sure, you as a security leader might be a part of the smart ideas you as a team figure out but you are not the one and only that shall sit on all the answers. Security is a team sport and you as a security leader, when you start to lead teams/organizations/leaders, need to be able to delegate and trust the power of your team. And you as a security leader are the power of the collective skills and strengths of those around you. Make sure to surround yourself with people who complement you. Don’t be afraid of or let your ego stop you from letting the right person with the most appropriate skills shine or execute the tasks needed so that you together as a team become successful. You are there to lead and make the team and others successful.

And no, telling someone what to do or how to do things is not leadership. This is more related to “management” or (poor) communication.

“No, no, no, no! I’m, telling you.
This is how it is […]“

INFO: The above exemplifies very bad leadership, management, and communication. And yes, I have been faced with this form of “leadership” a couple of times. And personally, it really doesn’t sit well with me…and is not something I practice or recommend. Going this path will most likely increase your chances of becoming less popular as a leader.

Here and there you as a leader will though need to manage situations. I believe that situations may need to be managed but not humans. Humans should be led. They should be guided and coached. It might sound a bit philosophical but I think that if you as a leader create an environment and climate where your team feels safe, they will need less management. But they might still need to be led which goes hand in hand with being coached and guided. There is so much more to say about this subject, i.e. how to create a team and a safe environment & climate, and I promise to come back to the subject in another article about security leadership.

EPILOGUE

Leadership is one of the most powerful capabilities that will make or break an organization when it comes to security. Just think about it, replace good security leadership in an organization with bad and see what happens. Swap in some bad leadership in a couple of those <key_security_leadership_roles> and see what happens. I can promise you that the effects will be less positive. And I have seen this take place a couple of times. It is sad to see but it is actually something many organizations need to go through and experience. This is kind of also a natural part of the the evolution of an organization as people come and go, rotate roles, are promoted, layoffs, positive and negative things happen etcetera. And this also somewhat demonstrates the truth that security leadership is hard. It’s not something that a random dude from the street with some cool leadership pokemon’s on the CV can pull off.

Leadership, independent if it is related to security or not, is challenging and hard. It is not a cakewalk. It is not something everyone can do equally good. If it were, the world would look different. I am not here to save the world or all those organizations out there that lack security leadership. That would be a too-big mission for me to take on.

What could ever go wrong on this boat trip where these two leaders, Batman and Joker, totally drop out on their responsibilities and ownership. Circus.

But what each one of us, including myself, as security practitioners can do is make sure we practice strong self-leadership skills. We start with leading ourselves in the way that we would like to be led by a leader. If each one of us takes full ownership of the way we lead ourselves we are for sure contributing to good and strong leadership. And as I said several times before, leadership starts with and within each one of us. I think that self-leadership skills are heavily underrated when it comes to a career in security. Leadership skills will never go out of fashion.

And take this lesson with you:

“Guys, I will put leadership on pause for a while. I don’t have time for this sh*t now, I have more important things to focus on! See you later.”.

Nope, that will not work out well. I have seen this take place several times in reality. Leaders going AWOL (absent without official leave) and just dropping their responsibilities and ejecting themselves from their teams. Guess what happened to these teams when leadership chooses not take on their responsibilities? Yes, it turned out to be a form of a corporate circus. Or a form or a boat trip where there was no direction or destination. People will after a while start to feel lost and frustrated. They will start to question things. Someone might take on the pseudo-leader role without actual mandate or authority. Some more frustration and confusion start to boil up.

Leadership is for sure a very interesting thing that does not come for free. It requires time, from you as a leader to be there for those you lead. It takes time to build up a team and also to keep that team together. There are for sure self-led teams but they are not created out of thin air or just pop-ups due to when someone comes up with the idea “We shall be a self-led team!”.

My purpose with the writing(s) about security leadership is to provide perspectives on the subject and inspire, help, and motivate others who are on their own journey to create or develop their own security leadership skills.

I will through a couple of articles explain the different parts of the conceptual model found in this article related to security leadership:

• Self-leadership
• Leading individuals & teams
• Leading leaders & organizations
• and of course, share my reflections and experiences from my career

If you want to start to develop your leadership skills instantly I recommend you to contemplate the information in this article. Ask yourself at what level do you see your own leadership skills currently in relation to the conceptual model? Maybe you have the courage to ask people around you how they see you as a leader? And after you find out the answer to the question, ask yourself where do you want to see yourself in the future? What form of leadership skills would you like to develop? Maybe you are completely satisfied where you currently are? Or maybe you want to strengthen your self-leadership skills? Or maybe you want to improve your skills in leading a team? Only you have the answer to this question. Only you know what you want to do. It’s your choice.

Link to original article – Click Here
Follow Henrik Parkkinen on LinkedIn – Click Here
Visit HenrikParkkinen.com