The Cyber Leader as an Entrepreneur
Digital transformation is fundamentally changing the importance of cybersecurity as a business operation. Cloud strategies alone are moving cyber operations out of the realm of support function, and into the realm of a key business enabler.
As cyber becomes more strategic, so do the expectations of its leaders. To meet those expectations, cyber leadership must become less technical and more entrepreneurial.
In his November 2019 HBR article, Matthew Doan points out that those skills are ceasing to be the standard for measuring cyber leaders. In his words, cyber leaders need to be something different”.
In my own organization, we’ve embraced an entrepreneurial mindset more suited for digital transformation.
Put another way, we run our organization like a small business.
We still have a cyber mission. But “how” we go about accomplishing the mission, has evolved to become more business-like.
A good example of this is how we manage our training budgets.
For many years, the gold standard has been certification. A quick scan of the email signatures of the cyber pros in most companies, will yield an alphabet soup of cyber credentials.
The problem is, two-fold.
The first problem is, many certifications are not measures of competency. They are merely an indicator of general knowledge and aptitude.
A second and more serious consern, is that certifications have become an end unto themselves; as employees go about collecting several.
In some organizations, they have even taken on a status symbol like quality.
A New Paradigm
As business leaders we have a responsibility to our company, our customers, and our shareholders, to maximize the return on their investments. One way to do that, is to act like small business owners.
The approach we’ve taken in my organization is pretty simple.
Once basic certification requirements are met, our focus shifts to enhancing critical organizational skills and abilities. These are determined by our business goals.
We select employees and teams critical to achieving those goals, and then identify any skill or experience gaps. These gaps become priorities for training and development.
We continue the process, iterating down through successive business goals until we have them all covered.
This approach doesn’t prevent employees from gaining additional certifications. But certification is not the focus. In fact, it’s not even a consideration.
Investment decisions around employee training and development are rooted in achieving business goals.
Doing it this way, we ensure we maximize the return on the company’s investment.
Here’s the question…
If you were a small business, and you had to fund cyber training for your employees, how would you invest?