What Business Are You In?




Back in the late '80s there was a business book making the rounds entitled The Goal. Despite what its author and publicist say, it was not "a gripping business novel." But it asks good questions:

  • What business is your team in?
  • What are the goals of that business?
  • What actions conducted by the team bring the team closer to its goal or goals?

Think about those questions in terms of cybersecurity:

  1. (a) What business is your cybersecurity team in? (b) In what ways is that business aligned with the business goals of the company and in what ways is it misaligned?
  2. (a) What are the goals of your cybersecurity team? (b) How do those goals further the success of your company?
  3. (a) What functions or actions improve the team's performance relative to your own metrics? (Assuming you have metrics...) (b) How do those metrics align with broader company metrics?

Notice that each of those questions has two parts. The first part of each question -- (a) -- is only answerable by you as a cybersecurity leader. It means you need to know the big picture.

The second part of each question -- (b) -- is only answerable by your boss.

If your answer and your boss' answer are misaligned, you need to change your cybersecurity team's function to become aligned as soon as possible.

Now, suppose you're "right" and the boss is "wrong" -- what then? 

Of course, that means the boss thinks you are wrong. The worst thing you can do is tell the boss you are right and they are wrong. But as a technologist you "know" you are right, or at least every fiber of your being wants to say it out loud. Don't do that.

Instead, the best thing you can do is attempt to appreciate why your boss thinks you are wrong. Is there a communications issue? Is the boss expecting something that your team hasn't delivered? Think of it this way: your program may be good but you're not communicating its value, you're not aligning it with what the organization values, and you're not able to speak to its role in the company.

In short, you're talking about things that are your goals but not your company's goals.

That makes it sound like you don't know the goal.

But as a leader you need to keep asking hard questions:

  • Is your team incapable of creating adequate cybersecurity?
  • Does your team have ineffective team dynamics that are keeping it from succeeding?
  • In what ways are you as a leader part of the problem? (p.s. your boss is probably starting with this question)

You can't achieve your goals with the wrong team, the wrong metrics, and outdated leadership skills.

Ask us how you can more consistently achieve and align your goals.
