Leadership in Cybersecurity: A Guide to Your First Role

We’ve probably all had this situation, and the further up the ladder you go, the more common it gets. When you’re the assignee in this situation, you need to manage-up, which is an art of its own and beyond the scope of this post. Essentially, in this situation you need to take over accountability. You should request a steer on priority, completion date, format for deliverables, expectations on approach and any other useful guidance. As this example illustrates, when you are the delegator, it’s important to think about the metadata requirements of the deliverable.

The second common error, I call ‘delegate the crap’. This is where someone delegates all the menial or low-value tasks they can’t be bothered to do, or feel are beneath them. Obviously, sometimes, there will be cases where you do need to delegate some administrative or annoying tasks to your team, however, I would suggest trying to balance this and taking some of this upon yourself where possible.

As a delegator, you want the task to be done well and you need to train the team to do their part right, ideally first time. Don’t assume they understand your working style and expectations or are ready-made task completing machines. Once expectations are set clearly, you’ll find the outputs will improve dramatically. The end goal is that the team pick up these working practices quickly and do them automagically for themselves in future.

To help with delegation, here are some things to consider that have helped me:

• Create a template (perhaps on email) that consistently captures the important metadata relating to the task.
• If the tasks were given verbally, follow-up with an email seeking acknowledgement and confirmation of understanding (also a good prompt for questions).
• Consider using frameworks, such as Agile, supported by tracking tools for bigger projects, engagements or tasks.
• Schedule check-ins (or ask the delegate to) to discuss progress, this will help prompt more even progress on the task and avoid a nasty surprise at the end.
• Where possible, delegate responsibility to make decisions and be creative. This is a good chance to empower.
• For more closed tasks, start the task yourself, create a framework or format for how you would like the task completing e.g. format an xlsx/pptx the way you want if you know how you want it, don’t leave people to guess.
• Explain the task, its importance and relevance to other activities. GIGO applies.

It is important to start stretching your leadership legs as soon as possible and not be afraid to experiment, seek feedback (from the team) and risk failure. Think about your experiences of being led and managed, what did the best people do? How could you use those things and integrate them into your personal leadership style?

I like to think of developing a leadership style as The Sword of Gryffindor (sorry for the Potter reference), in the sense that it would only take in that which made it stronger. That said, don’t feel like you need to absorb, implement and remember verbatim every leadership training, book or blog post. Use these things as influences that shape your sub-conscious, and don’t be afraid to implement tactical and strategic changes and see what works. One source that is fantastic for this, is HBR (Harvard Business Review). They focus on the ‘so what?’, everything is backed by research and the focus is almost always on takeaways for implementation.

Respect people’s time as you do your own

Valuing people’s time demonstrates you respect their contributions and their ability to work autonomously. Many leaders act in a way that could imply that they feel their time is more important than that of their team members’. This could be because they feel they’re busier than everyone else or because they feel their time is more important as they’re more senior. Whether this is what they genuinely believe or not, the perception they give through their actions can lead to the same poor outcome. This can result in the team not feeling valued, which impacts motivation and ultimately productivity.

My worldview is that I see leaders as ‘just another form of life’ (to paraphrase the late/great Sir Ken Robinson) and another function within an organisation. The tasks I do are as important to me as other people’s are to them. The upshot of this is that, as leaders, we should ensure we value the time of others. It’s core to their actualisation. This should be factored into tasks we delegate and the expectations we place on them. We need to be mindful of our positions and the expectations we set as part of that authority, as some people may feel unempowered to speak out. This also illustrates the importance of creating psychological safety (discussed later in this post) within teams to enable open bi-directional communication.

We can respect other people’s time by:

• Not expecting out-of-hours contributions, whether we feel its someone’s passion or not.
• Considering carefully when we ask colleagues (especially subordinates) to re-factor things to increase our convenience.
• Acknowledging effort.
• When outcomes aren’t quite right, recognising that it may be us (as the leader) who didn’t communicate things well.
• Considering the impact of what we say in the context of our seniority.

Use what you’ve got

When starting out as a leader, you should always try and play to your strengths. As research has shown, good people make good leaders. All the attributes people like about you as a person, will add to your strength as a leader. If you’re not sure what your strengths are, ask your friends or trusted colleagues. It may feel a little weird at first, but self-awareness cannot be understated. Knowing yourself is important and understanding where your strengths, weaknesses and blind spots are, is a continual journey.

Once you understand what your strengths are, look for ways to use them in your role. As an example, for me, I’m a real general knowledge nerd. I like to think that I know a little, about a lot of things. I also really enjoy speaking to passionate people, whatever it is that interests them. To leverage this, I always look for opportunities to find out people’s passions on the assumption I’ll hopefully know something about it. This really helps with building rapport and has made it easier for me to integrate into new teams. Find your superpower and figure out how to use it.

Know your theory

One of the best pieces of advice I can give to anyone who wants to be a better leader, is to read broadly about it. It’s how you scale mentors and there is a huge body of research and literature about leadership theory and practice. The two notes of caution I would give are that you shouldn’t take any one source as gospel, and, that you should consider the sources carefully. Each book, blog or podcast you consume should add new ideas and approaches for you to try as a leader. I like to take a scientific approach to leadership and would advise others do the same. Don’t be taken in by Svengalis who may have had anecdotal, personal success. I have included (below) some of the most important contemporary ideas and some sources that may be useful for you to consider. Obviously, this is not exhaustive, but a reasonable starting point on the journey.

Psychological safety and Project Aristotle

Psychological safety has been one of the biggest buzz-areas in leadership for some time, but in my view it is worth the hype. First coined by Amy Edmondson in her seminal paper “Psychological Safety and Learning Behaviour in Work Teams”, the work was famously validated by the ‘Project Aristotle’ study by Google. The concept is that team members should feel safe to take risks and articulate ideas, without fearing judgement. The Google study looked at 180 teams and what made them effective (or not). One of the most interesting outcomes, was the importance of Psychological Safety as an enabler for success. The key findings and definitions are summarised below (as an excerpt from the study). This gives a clear view on areas you may want to consider focusing on in terms of your leadership learnings.

“The researchers found that what really mattered was less about who is on the team, and more about how the team worked together. In order of importance:

• Psychological safety: Psychological safety refers to an individual’s perception of the consequences of taking an interpersonal risk or a belief that a team is safe for risk taking in the face of being seen as ignorant, incompetent, negative, or disruptive. In a team with high psychological safety, teammates feel safe to take risks around their team members. They feel confident that no one on the team will embarrass or punish anyone else for admitting a mistake, asking a question, or offering a new idea.
• Dependability: On dependable teams, members reliably complete quality work on time (vs the opposite - shirking responsibilities).
• Structure and clarity: An individual’s understanding of job expectations, the process for fulfilling these expectations, and the consequences of one’s performance are important for team effectiveness. Goals can be set at the individual or group level, and must be specific, challenging, and attainable. Google often uses Objectives and Key Results (OKRs) to help set and communicate short and long term goals.
• Meaning: Finding a sense of purpose in either the work itself or the output is important for team effectiveness. The meaning of work is personal and can vary: financial security, supporting family, helping the team succeed, or self-expression for each individual, for example.
• Impact: The results of one’s work, the subjective judgement that your work is making a difference, is important for teams. Seeing that one’s work is contributing to the organization’s goals can help reveal impact.”

If you want a more introductory primer on the concept of Psychological Safety, Amy Edmondson’s TED talk is a great place to start, as well as the New York Times piece on Project Aristotle. These will explain the concepts much better than I could.

Servant leadership

The concept of servant leadership is quite simple, in that, the leader’s role is to serve the team rather than the other way around. Studies have shown that the approach is broadly successful, with the basis rooted in engendering bidirectional trust, as demonstrated in this journal. Anecdotally, I’ve found that the implementation of servant leadership is very effective, especially when working with teams who function in technical domains. This is also one of the key principles of Agile too. Obviously, this isn’t the only style of leadership and I would advise you to find your own way, applying good ideas from a broad range of paradigms. Being a servant leader can be hard and quite taxing initially. It requires a high degree of self-awareness and the ability to park your ego. It’s not something everyone will feel is natural to begin with, but it’s worth the time and can build great teams and working relationships.

One of the most important things in leadership is communication, especially for servant leaders. I find it unusual when leaders don’t talk to their teams about their leadership style or what they’re shooting for. I like to try and engage with the teams I lead, and talk about the concepts and what informs my decision-making. Moreover, it’s important to understand how your team members like to work and to talk about concepts like servant leadership gives you a natural segway. I like to include servant leadership ‘sound bytes’ in communications, such as ‘I work for you, not the other way around’, and get feedback on what is or isn’t working that I’m doing. This requires high levels of Psychological Safety!

I wouldn’t recommend any particular book on the topic, but I enjoy the ideas of Simon Sinek and Jim Collins, their musings are a good place to start. Servant leadership isn’t something you can slip in and out of, it requires good research and experimentation.

Get organised

If you’re not normally an organised person, now is the time to adapt! Moving to a leadership position will very likely increase your task concurrency. If you’re not normally very organised, it’s time to start thinking about how you manage your time and prioritise your tasks. This is an area where there’s lots of scope for experimentation. Like many other technical leaders, I love the intersection between operational efficiency and technology. The area of productivity hacks is fascinating and it’s worth exploring how other people operate and manage their time and their team.

At a minimum, I would suggest using a to-do list. I really like ‘todoist’, but ‘Tasks’ in Microsoft Teams or a task with a checklist in Slack will also do the job. If you’re feeling more advanced, you could consider using a Kanban board, which if you work in development, you’ll be very familiar with. Trello has a freemium version that's good.

You may also be responsible for managing the schedules, or at least workload of your teams. It’s likely in a larger organisation that you will already have software to support this and timesheets to capture hours worked. If you don’t, I would suggest you implement a basic form of tracking tasks and ensuring your team know what’s expected. Clear roles and responsibilities are really important when running a team, the use of a RACI, clear Job Descriptions and OKRs are great tools to ensure everyone is on the same page. Most organisations will have specific implementations and support for using these types of tools, so it’s best to check first with your ‘+1’ leader or HR before creating something new. If you don’t, I would encourage you to create them and discuss them in depth with your team. You’ll find a lot of issues have their root cause in lack of organisational clarity, so nailing this early will help future-you IMMENSELY.

It’s important to have (and clearly articulate) vision and a plan as a leader. It instils confidence for your team, peers and leadership above you. For most people moving from an individual contributor role to a leadership position, your focus will shift from purely tactical to increasingly strategic. This shift means that your mindset will need to change from narrow and deep, to broad and shallow. Your career will likely track this arc as you become more senior, assuming a leadership track.

To this end, it’s a good idea when you start in a new role to ensure you understand and define your, and the team’s, objectives and mission. This will typically include discussions with your immediate leader. My advice is to use OKRs to define WHAT your objectives are, and a mission statement to encapsulate WHY you’re doing what you do. Next you need to create a strategy for HOW you’re going to achieve your objectives. When you first join a team, your tactical plan is also going to be important. How will you get people on-board? What are your priorities? Although typically a sales tool, a 30,60,90 plan can be a great starting point. This defines your actions for the next 30/60/90 days and gives a snapshot of your tactical activities. I like to use this when I’m starting at a new organisation or with a team I haven’t worked with before, as it provisions for discovery and short-term wins. It’s important you balance tactical and strategic objectives well, as if you don’t show progress in both areas, you’ll be at risk of being judged as ineffectual, whether you are or not.

Wrapping up

I hope this helps people gain some ideas of where to start as a leader. Going into leadership was the best career move I made and the most rewarding. I love discussing this topic area (I’m not just cyber, cyber, cyber) so please do drop me a DM if you have ideas to share, or if you agree or disagree with my thoughts. In summary though, if you take away anything from this post, please remember:

• Good people make good leaders. Try to make work fun and interesting.
• Don’t be scared to try things out and experiment.
• Talk to the teams you lead about what you’re trying to do and how you’re trying to do it.
• Don’t be stingy with positive feedback!
• Solicit opinion and don’t be scared of criticism, be curious about yourself.
• Build your approach on experience and research, read broadly.
• Work for your team and enjoy their successes.
• Bonus round (and my pet hate): don't use phrases like 'my team' or 'I'll get to do that'. It doesn't impress anyone.