The Importance of Leadership in IT Security

With ongoing news of serious security breaches taking place both in the public and private sectors, leaders of all stripes are realizing that not investing adequately in IT security can have a negative, if not devastating, impact on the overall health of their organization, so too are they coming to understand the role of leadership within their IT security teams.
With ongoing news of serious security breaches taking place both in the public and private sectors, leaders of all stripes are realizing that not investing adequately in IT security can have a negative, if not devastating, impact on the overall health of their organization, so too are they coming to understand the role of leadership within their IT security teams.

By Andrew W. Donofrio

There is no shortage of leadership books, articles, and training programs developed for corporate America and government alike.

On the corporate side, the importance of leadership is an easy sell: develop and empower staff to increase productivity, which will ultimately increase the profits and success of the company.

As for government, the sell is equally as straight forward, but more mission oriented.

But what about leadership within an organization?

Security as a whole, and IT security in particular, is often looked at as a line item and not a revenue generator.

As such, the role of leadership development in this realm has been nearly non-existent.

But with the recent news of serious security breaches that have taken place both in the public and private sectors, leaders of all stripes are taking notice.

Just as they have realized that not investing adequately in IT security can have a negative, if not devastating, impact on the overall health of their organization, so too are they coming to understand the role of leadership within their IT security teams.

(Learn More about Leadership from John Maxwell. Courtesy of Evan Carmichael and YouTube. Posted on Aug 17, 2016) 

Among the two most important leadership concepts for IT leaders: vision and communication.

Vision: Defining a Clear Path

First and foremost, a clear IT security vision saves an organization money.

There have been countless times when an IT security audit identifies redundant or unnecessary security systems, controls, and applications.

For security leaders, your vision is what you believe is necessary to protect the assets critical to your organization.

It should include both the technical and human aspects of security controls.

Vision should include both the technical and human aspects of security controls.
Vision should include both the technical and human aspects of security controls.

A well-formed vision will also streamline your buying process, define your training and education budget, and establish the basis for your project management plans.

Ultimately, it will keep you from spending needless dollars that don’t bring added benefits to the security of your environment.

Equally as important as vision is the concept of “buy-in.”

In order to implement an impactful security program designed to protect your critical data assets, you will need buy-in, not just from the IT staff but from the organization as a whole. 

It is important to realize that people will be more likely and committed to follow when they are assured the leader knows where he’s going, or more appropriately, where he’s taking them.

Similarly, they need to understand why it is important for them.

In its simplest terms, poor security can lead to the failure of the organization and the loss of their livelihood.

  • A clearly stated and understood vision gets you this buy-in.

  • An effective leader creates the vision and leads his people toward it.

In the words of John Maxwell, “anyone can steer a ship, but it takes a leader to chart the course.”

Now that you’ve charted your course, the work begins: effectively communicating it to others.

Communication: The Key to Leadership

Probably the greatest skill a leader at any level can possess is effective communication.

This is especially true when it comes to IT security.

When I am asked to speak on leadership and the company is unsure of the specific topic they want me to cover, my first suggestion is always communication.

Communication after all, is about making a connection with others in order to gain influence.

A leader needs to have influence to carry out his mission.

James Humes, former Presidential speech writer said it best: “Communication is the language of leadership.”

Anytime I am asked to speak or conduct a workshop, I remind myself of the most important fact: I am not there for me, I am there for them.

It is incredibly important that leaders understand that not only are they there for the organization, but also to add value to the lives of those in their charge.

One of the reasons leaders are in that position is to help their people grow and develop. When you communicate from this perspective it is received as genuine.

This allows you to form a greater connection, and ultimately increase your influence.

(Hear direct from the author. Courtesy of Andrew Donofrio and YouTube)

Zig Ziglar put it this way: “If you first help people get what they want, they will help you get what you want.”

For IT leaders, where productivity incentives for their staff may be scarce, communication skills are especially important.

You must convey the importance of a successful IT program not only to the organization as a whole, but to the individual IT team member as well.

Additionally, what I have found to be common among the IT professionals I have worked with is a desire to learn, grow and develop.

Communicating a genuine commitment to their growth will build loyalty and following.

You should also understand that probably more important than what you say is what you don’t say.

Some experts suggest that more than 90 percent of what we convey has nothing to do with what we actually say.

Consider a conversation you have had with someone who’s simultaneously checking their phone.

I know personally I feel they’re disinterested and as a result, I mentally checkout of the conversation.

Leaders, conversely, must be all in when communicating with their people, thus limit the distractions, maintain eye contact, and actively listen.

Haines Security SolutionsThese skills are critically important for the security leader.

He must motivate his team to carry out the organizational vision.

He must be able to convey to all staff the importance of security mindedness and care in IT usage, which will empower them to avoid things such as phishing attempts.

Finally, if the leader is a successful communicator, he will have established trust between him and the staff.

This level of trust will give people the confidence to disclose a mistake they might have made which could compromise the security of the network.

Be a Student of Leadership

Hopefully, the value of effective leadership for the success of a security program is apparent.

While we may have focused strictly on IT security leaders, people in all positions will do well to become students of leadership.

I encourage you to read leadership books, attend seminars and workshops, find a leadership mentor, bring speakers to your organization, and join leadership mastermind groups.

As someone with a foot planted firmly in both worlds, IT security and leadership education, I know firsthand how much the IT security leader needs to keep abreast of and study.

However, all the knowledge in the world will do you no good if you can’t empower others to help you carry out your mission.

About the Author:

Andrew Donofrio has spent the majority of his life in leadership positions.

At 19, he started a career as a police officer and at 24, was promoted to Sergeant.

After 25 years, Andrew retired from law enforcement as a Lieutenant in charge of a nationally recognized computer crimes unit, and started an IT security firm, which he stills leads today.

Andrew Donofrio
Andrew Donofrio, Professional Speaker, Trainer, Coach at Andrew Donofrio LLC and Owner Cyberology Consultants

Andrew then realized that his life-long passion for learning, teaching, and adding value to others could be part of a new chapter in his life.

That is how he came to pursue a speaking, training, and coaching practice.

It is Andrew’s mission to leverage his experience in law enforcement and private sector leadership to provide impactful programs that motivate, inspire, and educate.

His presentations use real world examples, emotionally evocative personal stories, and humor to help participants break through the barriers and challenges that prevent them from realizing their vision and getting results.

To Learn More, please visit http://cyberologyconsultants.com/.