Making Career Decisions with your Family in MindFeb 04, 2022
Contributor Steve Hunt.
Folks who succeed in life seem to be those who find that elusive work-life balance while exuding a sense of purpose
Kip was your typical geek, heading IT architecture for a reputable company. He had a beautiful family, a good job, and an easy smile. Something was eating at him, though. Over drinks one evening he told me that his wife observed a change in his enjoyment of life over the last few years. He summed it up by saying he felt his life lacked purpose.
Pressing him to explain, he said managing networks for a company didn't feel like making a contribution to the world. Sure, he said, his wife and kids were blessings, but something was missing at work. He wanted to make a difference.
As a technologist, he said cybersecurity professionals were making more of what he called "an impact on the world." Finishing his second drink, he said, "I went into IT because I liked tinkering with computers and networks. But I love the idea of keeping them up and running, no matter what happens."
Cybersecurity, he decided, was where it was at. He asked me how to retool as a cybersecurity pro. He was visibly surprised when I said he already was one.
The best leaders in cybersecurity today are not the ones with white-hack hacking skills -- though Kip had a few of those, which I saw one day when he demonstrated an SYN attack, illuminating a weakness in his network's architecture. The best leaders in cybersecurity are those who know how to lead a team to become an efficient machine, always improving, always audit-ready, always incident-ready.
On the other hand, the worst leaders are those who rely on technologies and faster-and-faster patching times and incident response times to run security. I showed him that running security like a fire department is the surest path to high-cost failures and high-profile hacks.
Leadership based on core values and following best practices of continual improvement, continuous learning & coaching, engaging employees, and measurement & recognition -- this is the stuff of a well-run security program.
I showed him the NIST framework for cybersecurity and its companion standard, the NIST Baldrige performance excellence framework. These two together, I told him, are the most comprehensive roadmap to true cybersecurity leadership.
Six months later, Kip was heading cybersecurity at a new company. Six months after that he was promoted to CISO. Kip is on his way to becoming a recognized leader in cybersecurity by running security like a business.