Information Security Leadership: Applying Transformational Leadership Characteristics to Develop More Effective Relationships

Author: Charles Brodsky, cbrodsky7 (at) hotmail.com
Accepted: April 3, 2018

Abstract

What makes information security leaders great? This question has likely come to mind for virtually all information security professionals at various points in their career. Many use the terms manager and leader interchangeably, but they are different. Managers focus on the mechanics of getting things done, whereas leaders inspire people to want to get things done. Leaders who apply transformational leadership characteristics have also been shown to have a high correlation with highly effective organizations. This research will discuss one of the components of transformational leadership, idealized influence, and how it applies to a leader's relationships with both the security team and with other executives. An analysis of how idealized influence impacts these relationships, as well as the methods that can help security leaders be more effective compared to traditional approaches, will be explored.

1. Introduction

Although commonly linked, leadership and management are two distinct roles, and not all managers are leaders (Hall et al., 2015). What is the difference between the two? Choi (2016) says that an information security manager's skills can be summarized as technical, administrative, bureaucratic, and technocratic. These skills are essentially the mechanics of management. But leadership is the process to influence others to follow rules and procedures to achieve objectives (Humaidi & Balakrishnan, 2015). Thus, the difference between management and leadership lies in making someone do what you ask versus inspiring them to want to do what you ask.

Many scholars cite transformational leadership as something that exceptional leaders do. In fact, Martin (2016) illustrated the high correlation between transformational leadership and effective organizations (Okoye, 2017). Northouse suggests, in the simplest terms, transformational leadership is a process that changes and transforms individuals (2001). In other words, transformational leadership is the ability to get people to want to change, to improve, and to be led (Hall et al., 2015).

Transformational leadership is characterized by four components: idealized influence, inspirational motivation, intellectual stimulation, and individual consideration (Hall et al., 2015). For this paper, we will discuss how the 'idealized influence' component applies to information security leaders. The focus will be on two relationships that the security leader has: the one with the security team and the one with executive management. Idealized influence for information security leaders is frequently demonstrated with the leader's technical knowledge. When dealing with executive management, both technical knowledge and business acumen are key.

2. Transformational Leadership

Although there are defined characteristics and components of transformational leaders, there are no specific steps managers can follow to become transformational leaders, i.e., becoming an effective transformational leader is a process (Hall et al., 2015). Because there are no set rules to follow, each person's leadership journey will be somewhat unique, although there will likely be common milestones each will pass. One of these milestones is recognizing some of the benefits gained at the completion of this journey. Probably the most significant is the understanding that transformational leadership has been shown to have a high correlation with highly effective organizations. As such, developing some of the characteristics associated with transformative leaders is likely to produce very positive outcomes for both you (the leader) and your organization (Okoye, 2017).

According to Northouse (2001), a transformational leader has the following qualities:

- Empowers followers to do what is best for the organization
- Is a strong role model with high values
- Listens to all viewpoints to develop a spirit of cooperation
- Creates a vision, using people in the organization
- Acts as a change agent within the organization by setting an example of how to initiate and implement change
- Helps the organization by helping others contribute to the organization

(Hall et al., 2015)

It's easy to see why this is particularly important for information security professionals. It can be argued that some of an organization's most valued assets are knowledge or information-related, so the person responsible for protecting those assets needs to instill confidence as both a knowledgeable leader and sound decision maker. Listening to all viewpoints and creating a shared vision helps achieve this by not only building confidence in the leader, but by creating a spirit of cooperation to unify the team in supporting the organization's goals.
Not only does technical competence come into play for understanding the security and business risks, but business acumen also becomes just as important to appreciating how those risks could impact the organization (Teitler, 2017). It is worth mentioning that both of these skills have limited value if the leader isn't able to effectively communicate this knowledge to executive management and the security team in a way that inspires trust and confidence.

2.1. Technical knowledge and the relationship with the team

Many teams would probably find it difficult to follow a leader whom they didn't respect. When leading technical teams, there is an additional element that comes into play: the leader's technical ability (Educause, 2016). Very few technical people would expect their leaders to understand the nuances and intricacies of any given technology as well as they do, but they do tend to expect that their leaders have a foundational working knowledge of the basics when discussing technical concerns and issues (Educause, 2016). Todd (2012) takes a slightly different approach and argues that CISOs don't necessarily need to be techies, but he does concede that they must still understand IT risks and controls and where they fit into the business. This could be interpreted to mean that direct technical experience is obviously helpful, but regardless of the career path the leader took to get there, that leader still needs a working knowledge of the technology and the risks it may pose to the organization. Therefore both approaches agree that information security leaders don't necessarily have to have come from technical backgrounds as long as the leader understands the technology well enough to communicate the risks and benefits to the organization.

It is also critical for the team to feel that their leader will represent them well and will effectively communicate issues to executive management. Given the differences regarding what is important to various stakeholder groups, it is necessary that the information security leader understands when and how to adapt messages for different people.
The leader further knows how to tell a story, share a vision, and be multilingual, capable of speaking to technical audiences as well as nontechnical, business, researcher, and other groups (Educause, 2016). This helps build trust in the leader because tailoring the leader's message to address what each stakeholder is most concerned about shows the leader's comprehension of what those issues are, and demonstrates that the leader has included the stakeholder's needs into her recommendations and vision.

Of course, it's also important that the leader can effectively communicate the business direction and goals from executive management to the technical team. It is much easier to get the team's full commitment and buy-in when team members understand how their work and efforts are part of the bigger initiatives in the organization, and how they support the organizational goals (Teitler, 2017). This shows the importance of the leader's ability to communicate in both directions between the security team and the executive team. Humaidi & Balakrishnan (2015) underscore this when saying, "top management must possess definite knowledge on the importance of information security to create an organizational environment that is conducive to achieving the security goals." By ensuring that the executives understand any technical issues or limitations, as well as how competing priorities may affect the team's ability to execute their requests, they can have a realistic expectation of what can be delivered in a given timeframe. This also gives those executives the information necessary to reprioritize competing efforts to better support their primary objectives. This demonstrates to the security team that they are supported and working in concert with the rest of the organization toward shared goals.

In essence, the characteristics of idealized influence are demonstrated by the information security leader's positive, role model behavior. By showing an understanding of both the technical risks and challenges the team must deal with and the overall risks and goals of the business, the leader inspires the team by showing the importance and value of their work. This level of cooperation, shared vision, and empowerment combine to bring the team a sense of purpose and the feeling that their work is valued (Teitler, 2017).

2.2. Technical knowledge and the relationship with executive management

Technical knowledge isn't just important for the leader's team, but is important to executive management and peers as well. As we've previously said, having a strong technology awareness is required for effective communication and credibility with and leadership of the security team (Educause, 2016). From a technical perspective, other executives expect security leaders to understand the risks and threats to the technology they are using, and the impact they can have on the organization (Ritchey, 2015). Ritchey goes on to say that providing relevant and timely intelligence to management is one of the key values CSOs provide.

Of course, sometimes how you say something is almost as important as what you say. Good communication skills are a must at this level. In support of this, Steven DiFilipo says, "A CISO that communicates risk in a manner that does not matter to others will not have their burden for long" (Suer, 2017). DiFilipo continues saying that in some cases CISO effectiveness is tied into how creatively they communicate. Therefore the importance of communication skills at this level cannot be overstressed. In fact, information security leaders must be master communicators. This is illustrated by the following: "as a master communicator, the information security leader understands when and how to adapt messages for different people. The leader further knows how to tell a story, share a vision, and be multilingual, capable of speaking to technical audiences as well as nontechnical, business, researcher, and other groups" (Educause, 2016).

Communicating clearly to the various stakeholders, understanding the key elements of the technologies used, and how these technologies may impact the business are some of the ways idealized influence applies to working with peers and executives. By demonstrating an understanding of both business concerns and technical risks, the information security leader is better positioned to express a knowledgeable vision and plan that will help build faith in his or her ideas and focus the organization as well as the team.
Having the underlying technical understanding and the ability to communicate it appropriately to all audiences is something that information security leaders need, but there is one more element that must also be incorporated to be successful: business acumen.

2.3. Business acumen and the relationship with executive management

Technical and communication skills are critical to getting to the top information security leadership position, but without business acumen, it would be difficult to stay there. It could be argued that business knowledge of the industry, and organization, is a requirement for any executive. Without this knowledge, how can you make effective recommendations for managing risks and supporting the organization? Sharon Pitt illustrates this by saying that CISOs and CIOs must be able to help with communicating, identifying and managing risk with business partners and that everyone in IT today needs to be a bit of a business person or they risk becoming irrelevant (Suer, 2017).

Although there are common risks and threats across many industries, each industry has its own set of threats and vulnerabilities that need to be addressed. For example, the primary risks and vulnerabilities in higher education, retail, and financial organizations are different. Aside from industry differences, each organization within an industry also has differences regarding risks and impacts. Without knowing the industry the leader operates in, and his or her unique organizational environment, it would be difficult to make proper recommendations and decisions. This is illustrated with the following quote: "A security leader must fully grasp what's important to the business before relaying information to her/his security and operations teams. On the flip side, the security leader needs to use his/her influence to educate fellow executives and the board about threats identified by the security and ops teams that might not be as apparent as, say, losing all the company's customers' credit card numbers or adversaries taking down the entire network for three days." (Teitler, 2017)

Therefore, understanding business fundamentals such as how a given company makes money, what their competitive advantages are, and how the competition operates is key for information security leaders. It would be difficult to have other executives respect leaders and their recommendations if they don't have even a basic grasp of the business fundamentals that are expected at that level. Without executive respect and support, it would be challenging to be effective and successful. Doubt and mistrust of leaders' knowledge and abilities would undermine all they attempt to accomplish (Educause, 2016).

3. Conclusion

So what makes great information security leaders? Like each of us, great information security leaders are unique, with no two exactly the same. Although there are no scripts or blueprints to follow, this paper addresses three characteristics that many seem to have in common. These characteristics (technical skills, communication skills, and business acumen) come together for transformative leaders. Leaders combine them to become compelling role models and inspire their teams and executives to share their vision. Therefore, the information security leader creates a stronger commitment by embodying a persona with the technical knowledge to understand the risks and benefits, the business knowledge to leverage those technical skills to advance the business' goals, and the communication skills to impart this vision in a compelling form. It is that commitment to the shared goals and vision that becomes the key benefit of transformational leadership and what makes great information security leaders: the ability to have people not only doing what you are leading them to do but to truly WANT to do what you are leading them to do.

References

Bluhm, D. (2017, January 27). How to lead change and overcome resistance. Retrieved from https://www.uccs.edu/business/business-research-index/how-to-leadchange-and-overcome-resistance

Choi, M. (2016, July 7). Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing. Retrieved from http://www.mdpi.com/2071-1050/8/7/638/htm

Choi, M., & Park, E. (2016). The Influences of Enterprise Management Strategy on Information Security Effectiveness. Retrieved from https://www.ripublication.com/ijaer16/ijaerv11n15_50.pdf

Educause. (2016). Technology in Higher Education: Information Security Leadership. Retrieved from https://library.educause.edu/~/media/files/library/2016/3/ewg1601.pdf

Floyd, K. (2010, May). Leadership Styles, Ethics Institutionalization, Ethical Work, Climate, and Employee Attitudes toward Information Technology Misuse in Higher Education: A Correlational Study. Retrieved from https://digitalcommons.georgiasouthern.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1339&context=etd

Hall, J., Johnson, S., Wysocki, A., Kepner, K., Farnsworth, D., & Clark, J. L. (2015, October). Transformational Leadership: The Transformation of Managers and Associates. Retrieved from http://edis.ifas.ufl.edu/hr020

Hulme, G. (2014, January 8). The 7 best habits of effective security pros. Retrieved from https://www.csoonline.com/article/2134262/strategic-planning-erm/the-7-besthabits-of-effective-security-pros.html

Humaidi, N., & Balakrishnan, V. (2015, April). Leadership Styles and Information Security Compliance Behavior: The Mediator Effect of Information Security Awareness. Retrieved from http://www.ijiet.org/papers/522-i00016.pdf

Martin, J. (2016). Perceptions of transformational leadership in academic libraries. Journal of Library Administration, 56, 266-284.

Northouse, Peter G. (2001). Leadership Theory and Practice, second edition. Thousand Oaks, CA: Sage Publications, Inc.

Okoye, S. (2017, July). Strategies to Minimize the Effects of Information Security Threats on Business Performance. Retrieved from scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=5058&context=dissertations

Olzak, T. (2007, March 11). The 7 habits of highly effective information security leaders. Retrieved from https://www.techrepublic.com/blog/it-security/the-7-habits-ofhighly-effective-information-security-leaders/

Ritchey, D. (2015, May 1). What Makes a Great Security Leader? Retrieved from https://www.securitymagazine.com/articles/86325-what-makes-a-great-securityleader

Suer, M. (2017, April 18). CIOs on CISOs and Information Security Leadership. Retrieved from http://www.protegrity.com/cios-cisos-information-securityleadership/

Teitler, K. (2017, April 25). A Look at Security Leaders' Priorities. Retrieved from https://misti.com/infosec-insider/a-look-at-security-leaders-priorities

Todd, M. (2012, November). Chief information security officer skills go beyond customary technical roles. Retrieved from http://searchsecurity.techtarget.com/opinion/chief-information-security-officerskills-go-beyond-customary-technical-roles