Responsibilities Of A New CTO/CIO: Uneasy Lies The Head That Wears A Crown

Congratulations, you got the promotion to be the chief technology officer (CTO) or the chief information officer (CIO). Feels good, doesn't it -- people laugh at your jokes, they seem to care what you think, you have staff, you hob-nob with other C-suite leaders, the Board looks to you to explain complicated technical topics, your opinion is sought on weighty matters by investors and thought-leaders.

In Shakespeare's play Henry IV, the new king reflects upon his misfortune: as supreme ruler, he can order any of his subjects to do any of his wishes, but they in turn rely upon him for constant guidance and protection, safety, food, etc. The burden of leadership is not borne by his jesters or serfs or peons, or even by dukes and earls and noblemen. All victories are his, and in turn so are all misfortunes and miscalculations. Henry in his insomnia laments: 

"How many thousand of my poorest subjects
Are at this hour asleep! O sleep, O gentle sleep,
Nature’s soft nurse, how have I frighted thee,
That thou no more wilt weigh my eyelids down
And steep my senses in forgetfulness?"
He concludes his reflection:
"Then, happy low, lie down.

Uneasy lies the head that wears a crown."

Uneasy indeed.

Scott Eblin, one of the most articulate blogger-coaches, describes "three common pitfalls that new executives need to avoid." They are worth reflecting upon by the new CTO or CIO:

1. Running without reflecting

2. Still being the go-to person

3. Staying on your island

As a consultant I have seen all of these in new executives, and in executives who are flailing about trying to be successful. See if these sound like what you've seen in people who struggle in the new role: has difficulty delegating, must have the spotlight; is the 'senior-doer' and must approve all actions; can't shift to an enterprise mindset.

Cybersecurity can only be effective in an environment where it is a shared responsibility:

• Cybersecurity is an enterprise function, it is not a subscription or a set of compliance rules or certificates
• Cybersecurity at the executive level is always about trust and trust requires relationship management, not technical wizardry -- you have a team of technical wizards
• Cybersecurity requires being comfortable both with delegation (who is responsible?) and with power-sharing (continually revising risk management plans in anticipation of new risks)

In a previous post we discussed Machiavelli. His most famous conclusion about leadership was that it was better to be feared than loved. As a new CTO or CIO, if people fear you, your cybersecurity plan will fail. If it fails, you'll have insomnia while you look for a new job.

Drop us a line in the comment section about executive challenges you've encountered and how you have addressed them. What worked for you and what are you still working on?

Ask us how Pythia Cybersecurity can help your crowned rest easy with a cybersecurity risk management process that has been verified and validated.