What role does company culture play in creating a more secure organization?
As with every part of your business, culture is key. It provides the solid foundation of compliance, collaboration and communication required to ensure the resilience of your organization.
You may invest millions of dollars in employee cybersecurity education, but for it to truly pay dividends, you must have a culture of community and shared risk across the organization – it needs to be part of the organizational DNA.
It’s getting every employee to recognize that cybersecurity is no longer just an IT problem. Everyone has a role to play.
It’s driving home why it is so important to practice good cyber hygiene. Where it becomes second nature to take the extra step or extra minute to check something out, even though it might initially seem inconvenient. To have the discipline to avoid shortcuts and pitfalls like opening email PDFs and zip files from people you don’t know; using those free thumb drives you found at a conference; and having the same password or pattern across multiple websites.
For me, trust and accountability are the key values and behaviors you want to reinforce. It’s trusting that employees will do the right thing once they have the right training. It’s creating an environment where employees feel empowered to raise their hands if something doesn’t seem right. And it’s holding teammates accountable when rules are intentionally broken.
That’s how you gain and maintain the cyber-trust of coworkers, customers and partners.
How has your personal leadership style evolved over the years?
As I’ve progressed in my career from engineering, to program management to managing the business, I’ve had to become adept at knowing when to lead from the edge and when to lead from the core. Essentially, strong leaders need to be able to lead from the “edge” – knowing when to be strategic, embrace change, think creatively and seek input from others. But they also need to know when to lead at the “core” – making operational decisions based on known expertise, and emphasizing consistency and performance. I have to give credit to Lee Hecht Harrison for articulating the concept, especially as it relates to the importance of adapting these styles. The current marketplace is dynamic and leaders need the agility to go back and forth between edge (strategic) and core (operational) − adjusting their styles to fit the situation.
Essentially, strong leaders need to know when to lead from the “edge” – when to be strategic, embrace change, think creatively and seek input from others. But they also need to be able to lead at the “core” – making operational decisions based on known expertise, and emphasizing consistency and performance.
What’s the best piece of leadership advice that you would like to share with peer leaders?
When it comes to cybersecurity, the best advice I can give is to surround yourself with a great team. The threats and opportunities are evolving so rapidly that it’s a challenge for any one person to keep up with it. It should keep you up at night.
But with the right team, you’ll have the expertise in place to provide for a cyber-resilient and cybersecure organization. You want leaders and subject matter experts who are inquisitive and not complacent. They’ll tell it like it is; give you an honest assessment of the cyber challenges, risks and opportunities; not what you want to hear.
And it goes back to culture. You want an environment where people feel empowered to sound an alarm to leadership. You want issues elevated quickly. Since the sooner you know about something, the sooner you can get down to solving the problem.