Cyber Leader's Blueprint 5 - Build Strategic Influence: Everything Else that Matters

The effective cybersecurity leader builds their flywheel of success through continuous development of professional habits. This means knowing the business, staying in the know, and building your brand and your network.

These last few areas of focus help reinforce your own development and your position in the industry.

Post 5 in my 5-Part thread: The Cybersecurity Leader's Blueprint

Know and Support the Business

An ongoing joke in cybersecurity is that it is the department of “no.” A true cybersecurity manager works in the best interest of the company, the product, the mission, and the team. It is an overused metaphor at this point, but to restate it: yes, cybersecurity is like a brake that applies friction to processes, but the fastest racecars need brakes because otherwise they will never make it past turn #1 while maintaining a lead.

Get to know the other business leaders outside of cybersecurity and know what it is that they are trying to achieve. 

Don’t be this person: No, you cannot use that new software application because we don’t know what it does with your data.

Be this person: Yes, I would love to help you increase your productivity through implementing a new software application. Allow my team to validate how it stores and processes data so that we can help you leverage it most effectively.

Don’t be this person: No, you cannot implement that feature because it will mean we are storing more sensitive data.

Be this person: Yes, I see how this feature will help us keep our competitive advantage and grow our customer base. Allow my team to work alongside your developers to make sure that we can tout our data security and privacy practices to further enhance user adoption of the feature.

As the representative of the cybersecurity community for your organization, you will be an impactful leader by knowing both the cybersecurity risks as well as the business risks. Meaning, what threat actors and techniques are being used against your peers and competitors? What features and functions is your business most focused on to stay competitive and are you supporting those objectives? Are you attending industry-focused events and forums to understand the entire environment?

Stay in the Know

You do not need to know every detail of every news story happening around the world, but knowing what is generally going on in cybersecurity and the specific industry you support helps in determining what your own priorities should be. This includes knowing what major risks and threats your industry is facing and knowing where technology trends are shifting. You don’t want the surprise forward from your CEO of something they saw in the news, asking “Are we secure from this?!”

I listen to a lot of podcasts as I spend a lot of time walking the dog and on the subway. Finding the medium that works best for you (podcasts, email newsletters, blogs, etc.) is my strongest recommendation.

The cybersecurity and tech-specific resources I find most helpful are:

  • The CyberWire’s daily podcast or briefing;
  • The CISO Series’ Cybersecurity Headlines;
  • The Risky Business weekly podcast;
  • The Big Technology Podcast, notably the weekly week-in-review show.

All of the above sources provide written newsletters and deep-dive podcasts on various topics, which you may find interesting. Again, you do not need to take it ALL in, but finding areas of interest and generally staying in the know will go a long way.

Build Your Brand and Network

You are likely not going to land the dream job by walking through the front door of Company X and handing your physical resume to the reception desk. However, you are also far less likely to advance by sitting and lurking in your room for eternity.

On a local level, attend your various work events and happy hours and get to know the people you work with (again - build trust!). There are also likely to be local cybersecurity networking events, whether it’s a BSides event (BSides is a global series of community-driven information security conferences that are pretty low-cost), or a vendor’s local wine tasting. Participating in online forums (Reddit, LinkedIn, etc.) every once in a while is also a great way to contribute and be out there while not physically being out there. Just don’t be the obnoxious poster.

It is also worth it to attend one of the major conferences once in a while. I would not be in my current role without attending a previous Black Hat conference and strategically determining which briefings to attend and what speakers I wanted to engage with.


Last Words

A theme you will see in my posts is that these items are most effective when they are not done performatively. For instance, a conference speaker will know whether you are conveying genuine interest in their topic or work or if you are just trying to get the LinkedIn connection.

There is so much that goes into your cybersecurity management journey. This is just scratching the surface, but my hope is that it provides you with some tangible things that you can work on. 

Have any thoughts or feedback? Definitely reach out!