business

Leadership Philosophy in Cyber Security

Austin Coats

5 min read
Leadership Philosophy in Cyber Security
Photo by Daniil Silantev / Unsplash

Beginning my MBA studies, I've been asked or rather encouraged to lay out and devise a 'Leadership Philosophy'.

To explain briefly, a leadership philosophy is essentially the foundation and pillars that serve as your guide in your decision making processes. It is intended to be your principles, how you manage your relationships, and how you choose to get things done.

Naturally, this should be an important consideration for anyone, not just leaders.

In my case, this is for the 'Managing Organizations and Leading People' class that I am currently taking. It's insightful to read the various leadership theories and papers in order to relate them to experiences that I've had thus far.

For at least 6 years now, I've been working in the Cyber Security space in a professional capacity and have come across quite a good deal of people, personalities, and modi operandi.

This is helpful because each team you encounter is going to have it's own unique dynamics. These dynamics normally seem to stem from the leader of the group and it is what serves as the foundation of the team 'culture' and what team members will have to form to.

We've heard of being a culture fit, or learning team dynamics, or simply just interacting with others.

However, how does this fit into a cyber security frame of reference? What type of leadership philosophy will be ideal for it?

Current Workplace


My current manager self-professes to having a unique method of management, and from my experiences, he does indeed. To label this in textbook terms, he takes on a type of Laissez-Faire style that allows for us to execute our jobs freely and efficiently. But in addition to this, I've noticed additional benefits that deserve special mention:

1. Psychological Safety

Normally, when the term 'Safe Space' is used, it's intended as a oppressive means to silence opposing opinions to protect the feelings of certain individuals. In our case, as is the correct usage, our team exists in this bubble where we are able to discuss issues and problems freely without fear of reprisal. This enables a reduction of stress and a promotion of ideas to solve the issues that we face as a team.

2. Informality

While we are rather laid back as a team, the informal nature of our relationship has helped foster a tight-knit team environment where communication flourishes as a result. Instead of getting constantly caught up in structured requirements that can normally be present in security operations teams where everything is dictated by standard operating procedures.

3. Flexibility

Given the relaxed nature of the team, we are given a great deal of flexibility in our endeavor to protect the organization. Essentially the goal of the team is clear: Protect the organization from cyber threats. This general goal for the team allows abundant opportunities for focused responsibilities and cross-training opportunities.

My Philosophy


It can be difficult to write into words your own method of doing as you're quite the subjective viewer. I find that it's much easier to be more forward thinking and build around where you would like to be.

As such, my philosophy of leadership revolves around the following facets:

Knowledge, Experience, Wisdom

There are leaders to be found everywhere, but it's quite possible that some are not ready for leadership because they do not possess the cumulative knowledge and subsequent experiences that result in the wisdom that is so often sought within a leader.

I find it vital that I build my knowledge and experience in my field so that I may be better suited to making decisions within the space. It's easy for an overly confident ego to get in the way when you are early on in your career, as I have experienced. As time has gone on, I have realized that I know nothing, and that there was more learning to be done before I climb out of the depths of the Dunning-Kruger valley.

This experience of learning is slowly, but surely, resulting in the acquisition of the wisdom that we all hope to find. It may not yet be complete or anywhere near an acceptable state, but as I continue to learn, I move ever forward.

Furthermore, without these facets being made steadfast, how can I be seen as a leader if I don't even know what I'm talking about?

Conviction, Empathy, Reliability

Whilst one set of facets focuses on the substance of myself as an individual, these are intended to focus on the spirit of self. Whilst wisdom is great, the application of it needs to be considered as well. How is it driven? Does it give due consideration? Is it applied consistently?

Many can have an idea, but the fortitude demonstrated to maintain that idea is what defines the man. It is what makes certain men of faith all the more admirable, because despite it all they still believe and hold steadfast to their faith. It is their conviction that demonstrates beyond everything else that when the waters get rough they will be the ones to see it through.

But when in the midst of a storm, who is there to care for others who might be drowning in it's waters? If we choose to imitate Christ, then it would behoove us to raise up those who have to place our faith in us, one way or another. In this, as we seek to guide through decisions, I feel that we must also care for those who will be impacted by our decisions.

Though this is all for naught if you don't show up. Every day. Come rain, sleet, or snow.

Application

The above philosophy speaks to a general foundation that can be applied where necessary, but in our particular interest is the application to the Cyber Security realm.

The first parts are relevant due to the vast amounts of information in information security. There are numerous domains and specialties within the space that require their own special expertise to execute effectively. I've been working in an Incident Response / Security Operations capacity for some time now and even still there's more to learn from the technical response to an incident as well as the managerial command of an incident. This compounds exponentially when you consider the necessity of cross-training and deeper specialization.

The last parts are especially relevant due to the unique stressors of information security as a whole. Not only is it affecting you, but it's also affecting your team, and the individuals who are impacted by such security events. As such, it's important to understand the psychological impacts placed upon others day in and day out when working within the security space. Imposter syndrome, burn out, neurodivergency and more can play a daily part in the lives of IT professionals and being empathic of these concerns will vastly increase your success as a team when combined with the tenacity of reliable conviction in protecting an organization.

Closing

A philosophy can and should be a dynamic entity that undergoes frequent permutations as the journey it takes can be filled with loops, twists, and turns that will challenge it. However, when built upon a solid foundation, we enable ourselves to address these challenges with discernment rather than emotional reaction.

Whether it be in security, or any other field, the true value will always come from the team rather than the leader. So, I plan to always take care of them.

Thank you,
~Austin

Read more