The Cybersecurity Goldfish Bowl

2014-08-24 11 20 26 "Private Drive - Enter At Your Own Risk" sign at Pennridge Airport in East Rockhill Township, PennsylvaniaOne distinct aspect of technological leadership, especially cybersecurity leadership, is the requirement of transparency. In order to do your job as a member of the management team you have to keep informing your peers of every significant screw up and every exploited oversight and every exploited vulnerability of every product that gets exploited, so sometimes other people's mistakes as well.

If you are thin-skinned in this regard you are going to struggle to succeed as a cybersecurity leader. If you are uncomfortable telling people about mistakes or oversights, then this job is not for you. If you hate taking responsibility for other people's mistakes, than this job is really not for you.

Isn't every senior management position like this? Yes and no. Yes, in that taking responsibility for mistakes and being transparent is a big part of just about any senior position. No, in that most other jobs don't have armies of people dedicated to breaking your hard work and don't have different armies of people trying to manipulate innocent people in your company into breaking your hard work.

But that is part of the job: every computer resource is a target in a way that most spreadsheets or presentations or reports are not. People really are out to get us.

This means that an effective cybersecurity mindset tends to be a bit negative and a bit jaundiced and somewhat prone toward pessimism. Are you an unmitigated beam of sweetness and light? Do you believe that people are generally good? Perhaps this is not the profession for you.

On the other hand, brooding upon the ubiquity of iniquity isn't ideal either. This is because a totally negative mindset commonly leads to either of two common failures of leadership:

  1. Excessive negativity can lead to incessantly predicting doom and gloom. People have work to do; predicting disaster is not your job: preventing and minimizing disaster is your job.

  2. Excessive negativity can lead to a reluctance to provide any service to anyone ever. If you lose perspective than you loose the ability to make cost:benefit decisions because all you see is cost while most of your what you colleagues see is benefit. Go down this road and you will be written off as a crank.

What do instead? Keep your eyes on the prize. Stick to a reliable Risk Management methodology to keep you from becoming reflexively negative. Consider the costs but remember the benefits.

And for the few of us who truly excel at this, learn to avoid saying "I told you so" every time some piece of technology is attacked in a way that you saw coming. Being a smug troll is even worse than being a troll.

Comments

Post a Comment