Five Skills to Become a Respected C-level Security Executive, #3

career consulting cyber emotionalintelligence leadership productivity risksmanagment security security industry Feb 11, 2022

Take Responsibility for Problems

Leaders who honestly want to improve the quality of their operations also honestly face problems. They understand that problems, effectively addressed, become improvements. Fail fast and cheap is the venture capital mantra for entrepreneurs. Yet problems, if ignored or tolerated, fester and grow until they become devastating.

To start from the beginning of the series, click HERE.

Don’t avoid problems because they are hard to look at. Some problems come from deep disorders in corporate culture or bad decisions from the past. Guess what, now they are your problems, and sooner or later they’ll have your name on them. So, get to work.

Identify the big problems and small problems separately. Create concurrent strategies for knocking off the small ones and addressing the big ones. Don’t chicken out by transferring your problems to a technology vendor or consultant to fix things. Effective leaders confront the pain and do the fixing, themselves through leadership – leading the team, the vendors, the consultants. Regardless, of who does the work, it remains the leader’s problem (and the leader’s victory when conquered).

Honest assessment + effective action = Evolution

Not everything you try will work. Therefore, keep track of what works and what doesn’t, and learn. Again: Fail fast, fail cheap, learn much.

Think of your security operations as a machine and understand that you yourself can tweak your machine to produce better results. Compare the goals you set in Skill #1, with the results you are getting from your machine. Then you’ll clearly know where to apply your energies.

The biggest mistake security leaders make is to not see when an initiative succeeds and when it fails, thereby perpetuating inefficiencies and reinventing the wheel again and again.

Here are the six areas where the success of security leaders consistently breaks down. Which ones are affecting your organization?

Wasting Time

Security teams waste time putting out the same fires, continually “reinventing the wheel” of many security tasks and performing “busy work” for auditors and customers, recreating documents, and filling out SIGs (standardized questionnaires used to self-assess security) and assessments and the like.

Wasting Money

Audits and assessments invariably find deficiencies that need to be fixed fast. Each “mitigation” project pulls valuable people off of important “normal” projects.

Lack of Systematic Processes

Security and IT teams rarely function together as a finely-tuned machine. As a result, managers are constantly running interference when conflicting processes and personalities interfere with productivity. 

Lack of Quality Measurement

Annual 3rd-party assessments do a good job of establishing a progress report, like your child’s growth chart at his pediatrician’s office. However, waiting a year or longer between assessments means there is no way to catch operational errors in real-time.

Employees Feel Left Out

As you learned in Skill 2 “Engaging People,” employees hoard information and protect turf when they feel uncertainty around them. They want to feel “essential.” Therefore, managers have a difficult time responding with agility. After all, if an employee becomes irreplaceable— “He’s the only guy who knows how to run our kludgey authentication server”—then he also becomes un-promotable. The manager has no way to move that work to any other critical function and is critically affected when key employees unexpectedly leave.

Support & Training Sporadically Available

Outside consultants and professional conferences offer excellent sources of training and improvement. Unfortunately, it is prohibitively expensive to finance full-time consultants or constant employee trips to conferences.

Take responsibility when you find a problem dragging down your security operation, and make this your new mantra: Don’t mitigate. Obliterate!

To start from the beginning of the series, click HERE.

Continue to Skill 4 HERE

Steve Hunt helps security professionals like you to excel on the path to growth and improvement

Drop me an email if you'd like my upcoming e-book for security leaders on building Executive Success. [email protected]

Grab my newest eBook on Security Leadership and join Steve Hunt's Communities of Excellence. Let's Improve Security -- Together!

Get the eBook HERE: