The Bird's Eye View

At Pythia Cyber we focus on leadership in the technology sphere. This means that we concern ourselves with the intersection of technical expertise and leadership skills. You don't have to be a technology wizard to be a leader of a technology group, but you do have to be technologically credible. However you do have to be a great leader in order to be a great leader of technologists.

What about the big chair? Well, you can get into the big chair a number of ways which boil down to either working your way up the ladder or leading a succession of ever-larger entities. It is rarely the case that either path goes through IT, so we stress that a great leader of the technology group has to be able to manage up the chain as well as down the chain. In other words, a great leader of your technology function generally has to be good at managing the boss.

Doesn't every senior manager have to be good at managing up? Yes, but for the chief tech the problem has the added wrinkle that the boss very likely does not know much about, or have much experience in, or even a great interest in, the technical domain.

Let's get concrete here: my career tends to focus on health care so I will draw examples from that industry. All too often doctor-led enterprises only care about healing people. That sounds good, doesn't it? It is good, in moderation, but it frequently and conveniently overlooks the enormous supporting structure needed to do that healing. Doctors often have a very narrow and specific view of the enterprise as a whole: their view. What you need at the top of the chain is the bird's eye view, not the ant's eye view. People like to mock "the view from 50,000 feet" concept, but a deep and intimate knowledge of only a small part of the picture is just as bad and probably worse.

Health care providers sit atop a vast support system. Someone has to build and maintain and stock and staff those gleaming rooms in which they ply their trade. Several someones. Celebrating the very tip of the iceberg, the doctor, shows a lack of understanding of how the system as a whole actually functions and leads to mismanagement. Specifically, it leads to tunnel vision at the top and resentment at being under appreciated at the bottom.

Cybersecurity in the medial context is often a casualty of doctor-worship. In the field doctor-worship presents itself in interactions like this one:

Doctor: I am too busy healing people to worry about petty concerns such as cybersecurity. That is your job.

Me:  It is my job to control how you use computer systems, to whom you give your credentials, where you review confidential information and where you leave your laptop?

Doctor: I stopped listening after I stopped speaking. I am too busy healing, etc.

Administrator: Don't hurt the providers' feelings. 

Believe it or not, this is only a slight exaggeration of an actual dynamic I suffered through with a client. Suffice it to say that this particular client let their providers do as they pleased and the rest of us cleaned up after those providers. This is a reasonable way to run an Operating Room or an Emergency Department treatment room. It is not a reasonable way to run a medical IT operation.

This tunnel vision is by no means unique to health care. Ask any IT professional: flawlessly performing infrastructure becomes invisible. What is invisible is out of sight and out of mind. What is out of mind is not given its due unless and until there is a problem, at which point all that lack of praise is topped off by some blame.

Leaders who come up through the ranks need exposure to many parts of the organization in order to be effective top level leaders. When Colin Powell asked a mentor how to get to highest levels of military leadership, that mentor laid out a varied path: some combat training (paratroop qualification in Powell's case), some logistics (because an army moves on its stomach and its supply chain), some advanced strategy training and some "charm school" to become a good presenter of material. This is what one would want in the boss of bosses: broad experience to match the very broad organization and the even broader portfolio.

If you are an expert in only a small part of what your organization does you will likely not understand what is truly important. You might even confuse "our cybersecurity training should be more effective" with "we should waste less of our  time in cybersecurity training."

Leaders who climb to the top through leading a series of ever-larger entities need background in your primary goal if they are to succeed, even if the background is mostly needed to communicate effectively with colleagues. If you are an expert in administration but not what your organization does you will likely not made the best value judgements. You might even confuse "everyone should have mandatory annual cybersecurity training" with "everyone should be aware of cybersecurity risks as they go about their primary duties."

Become a great leader of technologists through experience, talent and training. Pythia Cyber can help.