Cyber Leader as an Entrepreneur was first published on LinkedIn.
Digital transformation is fundamentally changing the importance of cybersecurity as a business operation.
Cloud strategies are moving cyber operations out of the realm of support function, and into the realm of a key business enabler.
Cyber Leader as an entrepreneur
As cyber becomes more strategic, so do the expectations of its leaders. To meet these expectations, cyber leadership must become less technical and more entrepreneurial.
In his November 2019 HBR article, Matthew Doan points out that those skills are ceasing to be the standard for measuring cyber leaders.
In his words,
cyber leaders need to be something different
In my own organization, we’ve embraced an entrepreneurial mindset more suited for digital transformation.
Put another way, we run our organization like a small business.
We still have a cyber mission. But “how” we go about accomplishing the mission, has evolved to become more business-like.
The buinsess of cyber leadership
A good example of this is how we manage our training budgets.
For years, the gold standard has been certification. A quick scan of the email signatures of the cyber pros in most companies, will yield an alphabet soup of cyber credentials.
The problem is, two-fold.
The problem with certications
First, many certifications are not measures of competency; but merely an indicator of general knowledge and aptitude. Second, and more serious, is that certifications have become an end unto themselves, with employees collecting several. In some organizations, they have even taken on a status symbol like quality.
As business leaders we have a responsibility to our company, our customers, and our shareholders, to maximize the return on their investments. One way to do that, is to act like small business owners.
Business-driven cyber leadership
The approach we’ve taken is pretty simple. Once basic certification requirements are met, our focus shifts to enhancing critical organizational skills and abilities; as determined by business goals.
We select employees and teams critical to achieving those goals, and then identify any skill or experience gaps. These gaps become priorities for training and development. We then continue the process, iterating down through successive business goals until we have covered all the major goals.
This approach doesn’t prevent employees from gaining additional certifications. But that’s not the focus. It’s not even a consideration.
Investment decisions around employee training and development are rooted in achieving business goals. In doing so, we ensure we maximize the return on the company’s investment.
Here’s the question…
If you were a small business, and you had to fund cyber training for your employees, how would you invest?