Cybersecurity And Leadership: Part 4, Middle Management (a.k.a. Platform Managers or Program Managers)

(picture and food styling by By やましこ - Sandwich Cross-section, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=110787140)

Of all the positions of leadership in any organization, middle management may have the greatest impact on cybersecurity.

These leaders go by many titles -- middle managers, platform managers, program or project managers -- and share the following role-based attributes:

1. Their authority is narrow, but their organizational influence is both broad and deep
2. Unique in many respects is that their work is done through other leaders, through direct reports, and through their own expertise
3. Finally, their jobs almost always involve spending money or saving money -- rarely do they "make money"

Here are some implications of this role.

First, they need to find allies in CTOs/CIOs (for 'top-cover' and funding), peers, and clients.

Second, they need to create metrics that demonstrate their impact. They were hired for their expertise, but quickly being able to demonstrate organizational impact is the only way they will get visibility and 'top-cover'. Here are some wonderful podcasts by people who understand the role or who can explain why creating metrics is important.

Third, they need to play "politics." This means connecting with others, selling them on what you've done for them lately, and helping them achieve their goals while they help you with yours.

Fourth and not finally, being a successful middle manager means balancing being a 'boss' while being a subject matter expert. These personnel quickly lose their credibility with implementers. There is no denying the very real temptations these managers feel to bully subordinates ("senior-doer") or schmooze/kiss up to prepare for a promotion. An ally CTO/CIO or a mentor or a coach will help balance these tendencies.

Middle managers universally believe that their program, platform, or role is indispensable and the single most (ok, one of the top 5 most) important function in the organization. Aligning that self-esteem with cybersecurity risk management while creating a metric to show your worth -- because as long as "nothing happens" that metric is your personal stock market indicator within the company -- is crucial for success in this role. Ask us how we work with middle managers to set them up for success.