Guest Column | November 18, 2021

The Ballad Of A Cybersecurity Leader

By Jon Clemenson, TokenEx


Balancing protective strategy with a vision for growth and empathy for staff.

At any stage in someone’s career, mentors, and leaders play an important role in what you learn, how you grow, and the types of opportunities available to you. This is especially true in cybersecurity, where the threats are constant and evolving—and the burnout rates can run high. Although every manager has an individual style and preferences for leading, the necessary qualities are a mix of strength, inspiration, motivation, and empathy to earn the best efforts from everyone on the team. This principle is especially true for leaders of cybersecurity teams.

One challenge to leading security teams is a misconception about the priorities of the role. Sometimes, beyond fending off data breaches and cyber threats, the security function can be perceived as only serving to slow down business and business processes. However, the truth is a bit more complex. Finding a balance between enabling members of an organization to work efficiently and assisting in the protection of organizational assets and data can be tricky, to say the least. Add to this the responsibility for ensuring the mental and physical well-being of a team of direct reports, and that will require a leader to bring a hefty dose of compromise, as well as empathy and compassion to get the job done.

Another challenge for security leaders can be breaking the negative stigma around cybersecurity practices. Departmental staff of an organization often perceive the security function as the enforcers of policy who show up during security emergencies. Depending on the circumstances, security teams may not always get the best reception. For this reason, security leaders are doubly challenged with persuading company leaders and staff on the need for adequately securing company resources. At the same time, security leaders want to show that they are committed to and prepared for company growth. As cybercriminals raise the stakes every day, security teams must be prepared and resilient to confidently handle the stressful situations they will undoubtedly encounter.

Consistent, Transparent Leadership

In addition to negotiating security processes and procedures with executive leadership, security leaders are also focused on the education and growth of their team members. Ultimately, they are the internal advocate for ensuring that the security team is valued and can achieve career fulfilment. The constant shifting of the cyber landscape means that team members need access to an evolving set of technologies and strategies in the battle with malicious actors. It is paramount that leaders provide constructive feedback to guide teams into new depths of the dark web without jeopardizing the well-being of the organization. Through consistent, transparent leadership that emphasizes flexibility with a passion for continued education, all team members can be successful in thwarting modern cyber threats.

An environment that lacks opportunities for continued learning or recognition of good work can result in a less productive and efficient team. To guard against morale dipping, a strong leader will maintain an empathetic approach in moments when stress is high. By focusing on the strengths of each team member and crediting what talents or specialized certifications they uniquely bring to the table, you can help foster great work that contributes to the organization’s overall growth.

Due to the fast-paced nature of the technology business and the evolving, sophisticated threats, it can be difficult for security professionals to maintain expertise at times. A strong cybersecurity leader will see the value in each team player and recognize those going the extra mile to protect the company while assisting other members of the team.

When it is time to expand the team, be open to candidates of all skillsets. Training in the security function can be just as valuable as an extensive amount of technology certifications. Certifications do not make someone a good cybersecurity practitioner or team player. The field can often require a mindset that is open and takes nothing for granted. Practitioners should be open to the possibilities of how attacks are executed and which solutions can mitigate the threat. Another asset in attracting your security personnel is identifying those who will consider a broad range of perspectives in developing the organization’s strategy and posture.

Be Prepared For Change

The pandemic has shown us that everything we once knew about business can change swiftly and dramatically. As a leader, it’s critical to maintain an open and agile approach to organizational security for your team, with a clear direction for how you expect to lead. New strategies will continually be formulated, and improvements can always be made. But a model leader will demonstrate the ability to occasionally compromise or experiment with new methodologies to maintain operational efficiency during such unpredictable times.

Cyber leaders also cannot expect teams to follow their direction without establishing trust through feedback, mentorship, and transparency for how you will plan a path to success for each team member.

Ultimately, the ideal cybersecurity leader understands the pitfalls of the security industry and possesses a degree of empathy for such an important, yet often misunderstood role in an organization. As threat actors continuously levy their attacks, a leader who understands how to boost morale, raise awareness for security best practices, and implement new ideas for solving old problems will gather the most support. Accomplishing this while also battling the various stigmas related to cybersecurity teams may be a true recipe for success.

About The Author

Jon Clemenson is Director of Information Security at TokenEx.